CVE-2024-25096 – WordPress canto plugin <= 3.0.7 - Unauth.
https://notcve.org/view.php?id=CVE-2024-25096
12 Feb 2024 — The Canto plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.0.6 via the 'abspath' parameter. • https://patchstack.com/database/vulnerability/canto/wordpress-canto-plugin-3-0-6-unauthenticated-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-25913 – WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-25913
12 Feb 2024 — The moveto plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in an unknown function in all versions up to, and including, 6.2. • https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-25914 – WordPress SMTP Mail Plugin <= 1.3.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-25914
12 Feb 2024 — The SMTP Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.20. • https://patchstack.com/database/vulnerability/smtp-mail/wordpress-smtp-mail-plugin-1-3-20-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-24929 – WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24929
09 Feb 2024 — The WP Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. • https://patchstack.com/database/vulnerability/wp-contact-form/wordpress-wp-contact-form-plugin-1-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-24935 – WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24935
09 Feb 2024 — The Basic Log Viewer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. • https://patchstack.com/database/vulnerability/wpsimpletools-log-viewer/wordpress-basic-log-viewer-plugin-1-0-4-cross-site-request-forgery-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-1207 – Booking Calendar <= 9.9 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-1207
07 Feb 2024 — The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... • https://github.com/sahar042/CVE-2024-1207 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-6989 – Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2023-6989
05 Feb 2024 — The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. ... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3013699%40wp-simple-firewall&new=3013699%40wp-simple-firewall&sfp_email=&sfph_mail= • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-24875 – WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24875
05 Feb 2024 — The Link Library plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5.13. • https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-24884 – WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24884
05 Feb 2024 — The Contact Form 7 Connector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. • https://patchstack.com/database/vulnerability/ari-cf7-connector/wordpress-contact-form-7-connector-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-24887 – WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24887
05 Feb 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. • https://patchstack.com/database/vulnerability/contest-gallery/wordpress-photos-and-files-contest-gallery-plugin-21-2-8-4-csrf-leading-to-gallery-creation-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •