CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51544 – WordPress RegistrationMagic plugin <= 5.2.5.0 - Form Submission Limit Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-51544
Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0. La vulnerabilidad de control inadecuado de la frecuencia de interacción en Metagauss RegistrationMagic permite un uso indebido de la funcionalidad. Este problema afecta a RegistrationMagic: desde n/a hasta 5.2.5.0. The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to form submission limit bypass in all versions up to, and including, 5.2.5.0 due to insufficient protection logic. This makes it possible for unauthenticated attackers to submit more form entries than the form submission limit allows. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-form-submission-limit-bypass-vulnerability?_s_id=cve • CWE-693: Protection Mechanism Failure CWE-799: Improper Control of Interaction Frequency •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51543 – WordPress RegistrationMagic plugin <= 5.2.5.0 - IP Limit Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-51543
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.2.5.0. Vulnerabilidad de omisión de autenticación mediante suplantación de identidad en Metagauss RegistrationMagic permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a RegistrationMagic: desde n/a hasta 5.2.5.0. The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.5.0 due to use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to submit more form entries than the form submission limit allows. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-ip-limit-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-693: Protection Mechanism Failure •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51486 – WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-51486
Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en RedNao WooCommerce PDF Invoice Builder. Este problema afecta a WooCommerce PDF Invoice Builder: desde n/a hasta 1.2.101. The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.101. This is due to missing or incorrect nonce validation in the /pages/invoice_list.php file. • https://patchstack.com/database/vulnerability/woo-pdf-invoice-builder/wordpress-woocommerce-pdf-invoice-builder-create-invoices-packing-slips-and-more-plugin-1-2-101-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49831 – RegistrationMagic <= 5.2.3.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-49831
The RegistrationMagic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_user_profile() function in versions up to, and including, 5.2.3.0. This makes it possible for unauthenticated attackers to update other user's profiles. • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47823 – FormCraft <= 1.2.7 - Missing Authorization via formcraft_nag_update
https://notcve.org/view.php?id=CVE-2023-47823
The FormCraft plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the formcraft_nag_update AJAX nopriv_ function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to delay or disable update notifications. • CWE-862: Missing Authorization •