CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48742 – WordPress License Manager for WooCommerce Plugin <= 2.2.10 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-48742
23 Nov 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection.This issue affects License Manager for WooCommerce: from n/a through 2.2.10. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en LicenseManager License Manager for WooCommerce license-manager-for-woocommerce permite la inyección SQL. Este prob... • https://patchstack.com/database/vulnerability/license-manager-for-woocommerce/wordpress-license-manager-for-woocommerce-plugin-2-2-10-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5958 – POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-5958
06 Nov 2023 — The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. El complemento POST SMTP Mailer de WordPress anterior a 2.7.1 no escapa del contenido del mensaje de correo electrónico antes de mostrarlo en el backend, lo que permite a un atacante no autenticado realizar ataques XSS contra usuarios con privilegios elevados. The POST SMTP Mailer – Email log... • https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47181 – WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47181
03 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en wpexpertsio Email Templates Customizer and Designer para WordPress y WooCommerce permite Cross-Site Request Forgery (CSRF). Este problema afecta Email Templa... • https://patchstack.com/database/vulnerability/email-templates/wordpress-email-templates-plugin-1-4-2-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4798 – User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-4798
25 Sep 2023 — The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks. El complemento User Avatar de WordPress anterior a 1.2.2 no sanitiza ni escapa adecuadamente a algunos de sus atributos de shortcodes, lo que podría permitir a usuarios con privilegios relativamente bajos, como los contribuyentes, realizar ataques XSS almacenados. The User Avatar – Reloaded... • https://wpscan.com/vulnerability/273a95bf-39fe-4ba7-bc14-9527acfd9f42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3082 – Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email
https://notcve.org/view.php?id=CVE-2023-3082
11 Jul 2023 — The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset/2935537/post-smtp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3178 – POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF
https://notcve.org/view.php?id=CVE-2023-3178
26 Jun 2023 — The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack. El complemento POST SMTP Mailer de WordPress anterior a 2.5.7 no tiene comprobaciones CSRF adecuadas en algunas acciones AJAX, lo que podría permitir a los atacantes hacer que los usuarios registrados con la capacidad de Manage_postman_smtp eliminen registros arbitrarios m... • https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3179 – POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF
https://notcve.org/view.php?id=CVE-2023-3179
26 Jun 2023 — The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account). The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.6. This is due to incorr... • https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32580 – WordPress Password Protected Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32580
13 Jun 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions. The Password Protected plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an i... • https://patchstack.com/database/vulnerability/password-protected/wordpress-password-protected-plugin-2-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35038 – WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35038
13 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions. The WP PDF Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing nonce validation on the wpexperts_pdf_save_data() function. This makes it possible for unauthenticated attackers to update PDF settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. ... • https://patchstack.com/database/vulnerability/wp-pdf-generator/wordpress-wp-pdf-generator-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0152 – WP Multi Store Locator <= 2.4 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0152
12 May 2023 — The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.4.9 due to insufficient input sanitization and output e... • https://wpscan.com/vulnerability/8281fce2-6f24-4d3f-895f-4d8694806609 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •