CVE-2024-22304 – WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22304
17 Jan 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress. This issue affects FreshMail For WordPress: from n/a through 2.3.2. The FreshMail For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.2. • https://patchstack.com/database/vulnerability/freshmail-integration/wordpress-freshmail-for-wordpress-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-6036 – Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-6036
17 Jan 2024 — The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. ... The Web3 – Crypto wallet Login & NFT token ... • https://github.com/pctripsesp/CVE-2023-6036 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-22284 – WordPress Asgaros Forum Plugin <= 2.7.2 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-22284
16 Jan 2024 — The Asgaros Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.7.2 via deserialization of untrusted input in the prepare_unread_status function. • https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-7-2-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2024-22285 – WordPress Frontpage Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22285
16 Jan 2024 — The Frontpage Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. • https://patchstack.com/database/vulnerability/frontpage-manager/wordpress-frontpage-manager-plugin-1-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-22290 – WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22290
16 Jan 2024 — The Custom Dashboard Widgets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. • https://patchstack.com/database/vulnerability/custom-dashboard-widgets/wordpress-custom-dashboard-widgets-plugin-1-3-1-csrf-to-xss-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-0428 – Index Now <= 2.6.3 - Cross-Site Request Forgery via reset_form
https://notcve.org/view.php?id=CVE-2024-0428
12 Jan 2024 — The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. ... • https://plugins.trac.wordpress.org/changeset/3020958/mihdan-index-now/tags/2.6.4/src/Views/WPOSA.php • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-22143 – WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22143
12 Jan 2024 — The WP Spell Check plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.17. • https://patchstack.com/database/vulnerability/wp-spell-check/wordpress-wp-spell-check-plugin-9-17-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5448 – WP Register Profile With Shortcode <= 3.5.9 - Cross-Site Request Forgery to User Password Reset
https://notcve.org/view.php?id=CVE-2023-5448
10 Jan 2024 — The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. ... • https://plugins.trac.wordpress.org/changeset/3018102 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-22140 – WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22140
10 Jan 2024 — The Profile Builder Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.10.0. • https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-csrf-leading-to-account-takeover-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-31276 – WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31276
10 Jan 2024 — The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the alg_wc_export_admin_product_preview and alg_wc_export_admin_product_change_date_filter functions in all versions up to, and including, 2.0.7. • https://patchstack.com/database/vulnerability/export-woocommerce/wordpress-products-order-customers-export-for-woocommerce-plugin-2-0-8-broken-access-control-vulnerability? • CWE-862: Missing Authorization •