CVE-2024-39645 – WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-39645
01 Aug 2024 — The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.2. • https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-7-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-39657 – WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-39657
01 Aug 2024 — The Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.18. • https://patchstack.com/database/vulnerability/sender-net-automated-emails/wordpress-sender-newsletter-sms-and-email-marketing-automation-for-woocommerce-plugin-2-6-18-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-6847 – SmartSearch WP <= 2.4.4 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2024-6847
29 Jul 2024 — The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot. The Chatbot with ChatGPT WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL... • https://wpscan.com/vulnerability/baa860bb-3b7d-438a-ad54-92bf8e21e851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-39628 – WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-39628
24 Jul 2024 — The Ninja Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.6. • https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-38795 – WordPress ListingPro plugin <= 2.9.4 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-38795
22 Jul 2024 — The ListingPro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-39622 – WordPress ListingPro theme <= 2.9.4 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-39622
22 Jul 2024 — The ListingPro theme for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/listingpro/wordpress-listingpro-theme-2-9-3-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-39623 – WordPress ListingPro theme <= 2.9.4 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-39623
22 Jul 2024 — The ListingPro theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.3. • https://patchstack.com/database/wordpress/theme/listingpro/vulnerability/wordpress-listingpro-theme-2-9-3-cross-site-request-forgery-csrf-to-account-takeover-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-6636 – WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-6636
19 Jul 2024 — The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. • https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883 • CWE-862: Missing Authorization
CVE-2024-38773 – WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-38773
19 Jul 2024 — The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to SQL Injection via the 'form_id' parameter in versions up to, and including, 7.5.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/formlift/wordpress-formlift-plugin-7-5-17-unauthenticated-blind-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6220 – 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6220
16 Jul 2024 — The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. • https://plugins.trac.wordpress.org/browser/keydatas/trunk/keydatas.php • CWE-434: Unrestricted Upload of File with Dangerous Type