CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49855 – WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49855
07 Dec 2023 — The BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.49.3. • https://patchstack.com/database/vulnerability/bc-menu-cart-woo/wordpress-bc-menu-bar-cart-icon-for-woocommerce-by-binary-carpenter-plugin-1-49-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50372 – WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-50372
07 Dec 2023 — The Custom Post Type Page Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. • https://patchstack.com/database/vulnerability/custom-post-type-page-template/wordpress-custom-post-type-page-template-plugin-1-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49840 – WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49840
06 Dec 2023 — The Multi Currency For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. • https://patchstack.com/database/vulnerability/wc-multi-currency/wordpress-multi-currency-for-woocommerce-plugin-1-5-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49843 – WordPress First Order Discount Woocommerce Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49843
06 Dec 2023 — The First Order Discount Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.21. • https://patchstack.com/database/vulnerability/first-order-discount-woocommerce/wordpress-first-order-discount-woocommerce-plugin-1-21-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49844 – WordPress WPPerformanceTester Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49844
06 Dec 2023 — The WPPerformanceTester plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.0. • https://patchstack.com/database/vulnerability/wpperformancetester/wordpress-wpperformancetester-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49769 – WordPress Integrate Google Drive Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49769
05 Dec 2023 — The Integrate Google Drive plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.4. • https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49772 – WordPress Genesis Simple Love Plugin <= 2.0 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-49772
05 Dec 2023 — The Genesis Simple Love plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/genesis-simple-love/wordpress-genesis-simple-love-plugin-2-0-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49773 – WordPress BCorp Shortcodes Plugin <= 0.23 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-49773
05 Dec 2023 — The BCorp Shortcodes plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.23 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/bcorp-shortcodes/wordpress-bcorp-shortcodes-plugin-0-23-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49775 – WordPress CSV Importer Plugin <= 0.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49775
05 Dec 2023 — The CSV Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.3.8. • https://patchstack.com/database/vulnerability/csv-importer/wordpress-csv-importer-plugin-0-3-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49778 – WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-49778
05 Dec 2023 — The Sayfa Sayac plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/sayfa-sayac/wordpress-sayfa-sayac-plugin-2-6-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •