CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6447 – EventPrime < 3.3.6 - Unauthenticated Event Access
https://notcve.org/view.php?id=CVE-2023-6447
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. El complemento EventPrime de WordPress anterior a 3.3.6 carece de autenticación y autorización, lo que permite a visitantes no autenticados acceder a eventos privados y protegidos con contraseña adivinando su identificación numérica/nombre del evento. The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to retrieve password protected and private events. • https://wpscan.com/vulnerability/e366881c-d21e-4063-a945-95e6b080a373 • CWE-862: Missing Authorization •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50846 – WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-50846
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login. Este problema afecta a RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: desde n/a hasta 5.2.4.5. The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to and including 5.2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-4-5-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47645 – WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47645
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en RegistrationMagic RegistrationMagic: formularios de registro personalizados, registro de usuario, pago e inicio de sesión de usuario permite la Cross-Site Request Forgery. Este problema afecta a RegistrationMagic: formularios de registro personalizados, registro de usuario, pago e inicio de sesión de usuario: desde n/a hasta 5.2.2.6. The RegistrationMagic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2.2.6. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-2-6-delete-form-submission-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47644 – WordPress ProfileGrid Plugin <= 5.6.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47644
Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6. Vulnerabilidad de Cross-Site Request Forger (CSRF) en perfilgrid ProfileGrid: User Profiles, Memberships, Groups and Communities. Este problema afecta a ProfileGrid: User Profiles, Memberships, Groups and Communities: desde n/a hasta 5.6.6. The ProfileGrid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.7.1. This is due to missing nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-6-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5519 – EventPrime < 3.2.0 - Booking Creation via CSRF
https://notcve.org/view.php?id=CVE-2023-5519
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. El complemento EventPrime WordPress anterior a 3.2.0 no tiene comprobaciones CSRF al crear reservas, lo que podría permitir a los atacantes hacer que los usuarios registrados creen reservas no deseadas a través de ataques CSRF. • https://wpscan.com/vulnerability/ce564628-3d15-4bc5-8b8e-60b71786ac19 • CWE-352: Cross-Site Request Forgery (CSRF) •