CVE-2022-36389 – WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-36389
18 Jan 2022 — Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 for WordPress. The Better Messages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.9.148. • https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-9-148-cross-site-request-forgery-csrf-vulnerability-2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-4436 – 3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-4436
23 Sep 2021 — The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. ... The... • https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-4374 – WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2021-4374
06 Sep 2021 — The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. • https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin • CWE-862: Missing Authorization •
CVE-2021-4380 – Pinterest Automatic <= 4.14.3 - Unauthenticated Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2021-4380
06 Sep 2021 — The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. • https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-pinterest-automatic-plugin • CWE-284: Improper Access Control •
CVE-2021-4387 – Opal Estate <= 1.6.11 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2021-4387
16 Aug 2021 — The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-24527 – Profile Builder < 3.4.9 - Admin Access via Password Reset
https://notcve.org/view.php?id=CVE-2021-24527
19 Jul 2021 — The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. • https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207 • CWE-287: Improper Authentication •
CVE-2021-4356 – Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download
https://notcve.org/view.php?id=CVE-2021-4356
12 Jul 2021 — The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. • https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities • CWE-862: Missing Authorization •
CVE-2021-4394 – Locations <= 3.2.1 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2021-4394
05 Jul 2021 — The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-4399 – Edwiser Bridge <= 2.0.6 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2021-4399
28 Jun 2021 — The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-4449 – ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-4449
24 Jun 2021 — The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. • https://ithemes.com/blog/wordpress-vulnerability-report-june-2021-part-5/#ib-toc-anchor-2 • CWE-434: Unrestricted Upload of File with Dangerous Type •