CVE-2022-2435 – AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2435
05 Jul 2022 — The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. ... • https://plugins.trac.wordpress.org/browser/anymind-widget/trunk/anymind-widget-id.php • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-2443 – FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2443
05 Jul 2022 — The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. ... • https://plugins.trac.wordpress.org/browser/freemind-wp-browser/trunk/freemind-wp-browser.php#L104 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-2184 – CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF
https://notcve.org/view.php?id=CVE-2022-2184
29 Jun 2022 — The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. ... This can be abused by attackers, via a Cross-Site Request Forgery attack, to execute arbitrary code on the server. The CAPTCHA 4WP p... • https://wpscan.com/vulnerability/e777784f-5ba0-4966-be27-e0a0cbbfe056 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-2240 – Request a Quote <= 2.3.7 - CSV Injection
https://notcve.org/view.php?id=CVE-2022-2240
28 Jun 2022 — The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloads and opens it. • https://wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7e • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2022-1609 – The School Management < 9.9.7 - Unauthenticated RCE via REST api
https://notcve.org/view.php?id=CVE-2022-1609
27 Jun 2022 — The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. • https://github.com/0xSojalSec/-CVE-2022-1609 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-912: Hidden Functionality
CVE-2022-34858 – WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-34858
23 Jun 2022 — Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. The OAuth 2.0 client for SSO plugin for WordPress is vulnerable to authentication bypass in versions up to, and including 1.11.3. • https://patchstack.com/database/vulnerability/oauth-client/wordpress-oauth-2-0-client-for-sso-plugin-1-11-3-authentication-bypass-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-306: Missing Authentication for Critical Function
CVE-2022-2001 – DX Share Selection <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2001
22 Jun 2022 — The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. ... • https://wordpress.org/plugins/dx-share-selection • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-2039 – Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2039
22 Jun 2022 — The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. ... • https://wordpress.org/plugins/livesupporti/#developers • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-1912 – Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1912
16 Jun 2022 — The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. ... • https://plugins.trac.wordpress.org/browser/smartsoftbutton-widget-de-botones-de-chat/trunk/admin/pages/settings.php#L60 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-4226 – RSFirewall < 1.1.25 - IP Block Bypass
https://notcve.org/view.php?id=CVE-2021-4226
13 Apr 2022 — plugin for WordPress is vulnerable to IP Address Spoofing in versions less than and equal to 1.1.24 due to insufficient IP address validation. • https://wpscan.com/vulnerability/c0ed80c8-ebbf-4ed9-b02f-31660097c352 • CWE-348: Use of Less Trusted Source