CVE-2022-37411 – WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-37411
01 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress. The Captcha Code plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7. • https://patchstack.com/database/vulnerability/captcha-code-authentication/wordpress-captcha-code-plugin-2-7-cross-site-request-forgery-csrf-vulnerability-leading-to-plugin-settings-update/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-36373 – WordPress MP3 jPlayer plugin <= 2.7.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-36373
01 Sep 2022 — Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. The MP3 jPlayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.3. • https://patchstack.com/database/vulnerability/mp3-jplayer/wordpress-mp3-jplayer-plugin-2-7-3-multiple-cross-site-request-forgery-csrf-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-36554
https://notcve.org/view.php?id=CVE-2022-36554
29 Aug 2022 — A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. • https://hytec.co.jp/eng/wordpress/wp-content/uploads/2019/09/hwl-2511-ss-ds.3.0.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-36555
https://notcve.org/view.php?id=CVE-2022-36555
29 Aug 2022 — Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. • https://hytec.co.jp/eng/wordpress/wp-content/uploads/2019/09/hwl-2511-ss-ds.3.0.pdf • CWE-326: Inadequate Encryption Strength
CVE-2022-36553
https://notcve.org/view.php?id=CVE-2022-36553
29 Aug 2022 — Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. • https://hytec.co.jp/eng/wordpress/wp-content/uploads/2019/09/hwl-2511-ss-ds.3.0.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-2840 – Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-2840
29 Aug 2022 — The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections. • http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-3026 – WP Users Exporter <= 1.4.2 - CSV Injection
https://notcve.org/view.php?id=CVE-2022-3026
29 Aug 2022 — The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. ... • https://plugins.trac.wordpress.org/browser/wp-users-exporter/trunk/A_UserExporter.class.php • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2022-37344 – WordPress Accommodation System plugin <= 1.0.1 - Missing Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-37344
25 Aug 2022 — Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. The Accommodation System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on some of its functions in versions up to, and including, 1.0.1. • https://patchstack.com/database/vulnerability/accommodation-system/wordpress-accommodation-system-plugin-1-0-1-missing-access-control-vulnerability/_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization
CVE-2022-37405 – WordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-37405
25 Aug 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress. The Better Font Awesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. • https://patchstack.com/database/vulnerability/better-font-awesome/wordpress-better-font-awesome-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-36387 – WordPress About Me plugin <= 1.0.12 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-36387
25 Aug 2022 — Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. The About Me plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the functions covering its AJAX actions in versions up to, and including, 1.0.12. • https://patchstack.com/database/vulnerability/about-me/wordpress-about-me-plugin-1-0-12-broken-access-control-vulnerability/_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization