CVE-2023-51411 – WordPress Frontend Admin by DynamiApps Plugin <= 3.18.3 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51411
27 Dec 2023 — The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_add_attachment' function in all versions up to, and including, 3.18.3. • https://patchstack.com/database/vulnerability/acf-frontend-form-element/wordpress-frontend-admin-by-dynamiapps-plugin-3-18-3-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51412 – WordPress Piotnet Forms Plugin <= 1.0.25 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51412
27 Dec 2023 — The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 1.0.28. • https://patchstack.com/database/vulnerability/piotnetforms/wordpress-piotnetforms-plugin-1-0-25-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51414 – WordPress EnvíaloSimple Plugin <= 2.1 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-51414
27 Dec 2023 — The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/envialosimple-email-marketing-y-newsletters-gratis/wordpress-envialosimple-plugin-2-1-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2023-51419 – WordPress BERTHA AI Plugin <= 1.11.10.7 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51419
27 Dec 2023 — This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7. ... Your AI co-pilot for WordPress and Chrome plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bthai_wa_translate_audio_callback' function in all vers... • https://patchstack.com/database/vulnerability/bertha-ai-free/wordpress-bertha-ai-plugin-1-11-10-7-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51468 – WordPress Rencontre – Dating Site Plugin <= 3.10.1 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51468
27 Dec 2023 — The Rencontre – Dating Site plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 3.10.1. • https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-10-1-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51473 – WordPress TerraClassifieds Plugin <= 2.0.3 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51473
27 Dec 2023 — The TerraClassifieds – Simple Classifieds Plugin plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.0.3. • https://patchstack.com/database/vulnerability/terraclassifieds/wordpress-terraclassifieds-plugin-2-0-3-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51475 – WordPress WP MLM Unilevel Plugin <= 4.0 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51475
27 Dec 2023 — The WP MLM SOFTWARE PLUGIN plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.0. • https://patchstack.com/database/vulnerability/wp-mlm/wordpress-wp-mlm-unilevel-plugin-4-0-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51505 – WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-51505
27 Dec 2023 — The Active Products Tables for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.6 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2023-51545 – WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-51545
27 Dec 2023 — The Job Manager & Career – Manage job board listings, and recruitments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. • https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-502: Deserialization of Untrusted Data •
CVE-2023-51423 – WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-51423
27 Dec 2023 — The Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 3.05.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •