CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49815 – WordPress WappPress plugin <= 5.0.3 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-49815
05 Dec 2023 — The WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.0.3. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-5-0-3-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49816 – WordPress Fix My Feed RSS Repair Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49816
05 Dec 2023 — The Fix My Feed RSS Repair plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. • https://patchstack.com/database/vulnerability/fix-my-feed-rss-repair/wordpress-fix-my-feed-rss-repair-plugin-1-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49821 – WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49821
05 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en LiveChat LiveChat – WP live chat plugin for WordPress. Este problema afecta a LiveChat – WP live chat plugin for WordPress: desde n/a hasta 4.5.15. The LiveChat plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi... • https://patchstack.com/database/vulnerability/wp-live-chat-software-for-wordpress/wordpress-livechat-plugin-4-5-15-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49824 – WordPress Product Catalog Feed by PixelYourSite Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49824
05 Dec 2023 — The Product Catalog Feed by PixelYourSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. • https://patchstack.com/database/vulnerability/product-catalog-feed/wordpress-product-catalog-feed-by-pixelyoursite-plugin-2-1-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49834 – WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49834
05 Dec 2023 — The WOOCS – WooCommerce Currency Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1.4. • https://patchstack.com/database/vulnerability/woocommerce-currency-switcher/wordpress-fox-currency-switcher-professional-for-woocommerce-plugin-1-4-1-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49776 – WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-49776
05 Dec 2023 — The Sayfa Sayaç plugin for WordPress is vulnerable to SQL Injection via the in versions up to, and including, 2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/sayfa-sayac/wordpress-sayfa-sayac-plugin-2-6-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49819 – WordPress Structured Content Plugin <= 1.5.3 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-49819
05 Dec 2023 — The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/structured-content/wordpress-structured-content-json-ld-wpsc-plugin-1-5-3-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49826 – WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-49826
05 Dec 2023 — Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. Vulnerabilidad de deserialización de datos no confiables en PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. Este problema afecta a Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress... • https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-1-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49744 – WordPress Gift Up Gift Cards for WordPress and WooCommerce Plugin <= 2.21.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49744
04 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Gift Up Gift Up Gift Cards para WordPress y WooCommerce. Este problema afecta a Gift Up Gift Cards para WordPress y WooCommerce: desde n/a hasta 2.21.3. The Gift Up Gift Cards for WordPress and WooCommerce plugin for ... • https://patchstack.com/database/vulnerability/gift-up/wordpress-gift-up-gift-cards-for-wordpress-and-woocommerce-plugin-2-21-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49749 – WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49749
04 Dec 2023 — The SureTriggers plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.23. • https://patchstack.com/database/vulnerability/suretriggers/wordpress-suretriggers-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •