CVE-2022-38085 – WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38085
12 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. The Read more By Adam plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.8. • https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-36388 – WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-36388
12 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress. The YDS Support Ticket System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/yds-support-ticket-system/wordpress-yds-support-ticket-system-plugin-1-0-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-38139 – WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-38139
11 Sep 2022 — Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress. The RD Station plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2.0. • https://patchstack.com/database/vulnerability/integracao-rd-station/wordpress-rd-station-plugin-5-1-3-multiple-cross-site-request-forgery-csrf-vulnerabilities? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-38144 – WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38144
08 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress. The wpForo Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. • https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-2754 – Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi
https://notcve.org/view.php?id=CVE-2022-2754
06 Sep 2022 — The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks. • https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-38093 – WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-38093
05 Sep 2022 — Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress. The All in One SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.3.1. • https://patchstack.com/database/vulnerability/all-in-one-seo-pack/wordpress-all-in-one-seo-plugin-4-2-3-1-multiple-cross-site-request-forgery-csrf-vulnerabilities? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-24890 – Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-24890
05 Sep 2022 — The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file. • https://dplugins.com/products/scripts-organizer • CWE-352: Cross-Site Request Forgery (CSRF) CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVE-2022-36798 – WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-36798
02 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress. The Mega Addons For WPBakery Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.7. • https://patchstack.com/database/vulnerability/mega-addons-for-visual-composer/wordpress-mega-addons-for-wpbakery-page-builder-plugin-4-2-7-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-41840 – WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth.
https://notcve.org/view.php?id=CVE-2022-41840
02 Sep 2022 — Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. Unauthenticated Directory Traversal vulnerability in the Welcart eCommerce plugin on WordPress in versions <= 2.7.7. The Welcart e-Commerce plugin for WordPress is vulnerable to arbitrary file read due to missing restrictions to proper file paths in the ~/functions/progress-check.php file in versions 2.6.0 - 2.7.7. • https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-35277 – WordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-35277
01 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress. The GetResponse plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.5.19. • https://patchstack.com/database/vulnerability/getresponse-integration/wordpress-getresponse-plugin-5-5-18-cross-site-request-forgery-csrf-vulnerability-leading-to-api-key-update/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •