
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jan 2024 — The JS & CSS Script Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.3.3. • https://patchstack.com/database/vulnerability/js-css-script-optimizer/wordpress-js-css-script-optimizer-plugin-0-3-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Jan 2024 — The WordPress Users WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. The WordPress User... • https://magos-securitas.com/txt/2023-6390.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

03 Jan 2024 — The Custom User CSS WordPress plugin through 0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. The Custom User CSS plugin for WordP... • https://magos-securitas.com/txt/CVE-2023-6391.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

03 Jan 2024 — The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. The WP Social Bookmark ... • https://magos-securitas.com/txt/CVE-2023-7074.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 8% • CPEs: 1 • EXPL: 1

03 Jan 2024 — The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. ... • https://github.com/krn966/CVE-2023-6634 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

02 Jan 2024 — The Autotitle for WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. The Autotitle for WordPress plugin... • https://magos-securitas.com/txt/CVE-2023-6946 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — The Theme per user plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 1.0.2 (exclusive) via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/theme-per-user/wordpress-theme-per-user-plugin-1-0-1-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2023 — The WP Job Portal – A Complete Job Board plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. • https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18. • https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-18-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Dec 2023 — The NEX-Forms – Ultimate Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.5.2. • https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •