CVSS: 10.0EPSS: 85%CPEs: 1EXPL: 3CVE-2023-6875 – POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API
https://notcve.org/view.php?id=CVE-2023-6875
10 Jan 2024 — The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data... • http://packetstormsecurity.com/files/176525/WordPress-POST-SMTP-Mailer-2.8.7-Authorization-Bypass-Cross-Site-Scripting.html • CWE-639: Authorization Bypass Through User-Controlled Key CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2023-51409 – WordPress AI Engine plugin <= 1.9.98 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-51409
09 Jan 2024 — plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'rest_upload' function in all versions up to, and including, 1.9.98. • https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-1-9-98-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52200 – WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-52200
08 Jan 2024 — The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.22. • https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52221 – WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.1 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-52221
08 Jan 2024 — For WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadFile' function in all versions up to, and including, 1.5.1. • https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22136 – WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22136
08 Jan 2024 — The Droit Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.5. • https://patchstack.com/database/vulnerability/droit-elementor-addons/wordpress-droit-elementor-addons-plugin-3-1-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52215 – WordPress Barcode Scanner with Inventory & Order Manager Plugin <=1.5.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-52215
08 Jan 2024 — For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘userToken’ parameter in all versions up to 1.5.2 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52129 – WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52129
05 Jan 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Michael Winkler TeachPress. Este problema afecta a TeachPress: desde n/a hasta 9.0.4. • https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-4-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52218 – WordPress WooCommerce Tranzila Gateway Plugin <= 1.0.8 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-52218
05 Jan 2024 — The Woocommerce Tranzila Payment Gateway plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.8 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/woo-tranzila-gateway/wordpress-woocommerce-tranzila-gateway-plugin-1-0-8-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52222 – WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52222
05 Jan 2024 — The WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.2. • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-2-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52225 – WordPress Taggbox Plugin <= 3.1 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-52225
05 Jan 2024 — The Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-tagbox-widget-plugin-3-1-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •