CVE-2023-49751 – WordPress Block for Font Awesome Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49751
04 Dec 2023 — The Block for Font Awesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. • https://patchstack.com/database/vulnerability/block-for-font-awesome/wordpress-block-for-font-awesome-plugin-1-3-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-49759 – WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49759
04 Dec 2023 — The WooDiscuz – WooCommerce Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.0. • https://patchstack.com/database/vulnerability/woodiscuz-woocommerce-comments/wordpress-woodiscuz-woocommerce-comments-plugin-2-3-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-49760 – WordPress WPsoonOnlinePage Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49760
04 Dec 2023 — The WPsoonOnlinePage plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9. • https://patchstack.com/database/vulnerability/wp-soononline-page/wordpress-wpsoononlinepage-plugin-1-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-49761 – WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49761
04 Dec 2023 — The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0. • https://patchstack.com/database/vulnerability/gm-woocommerce-quote-popup/wordpress-product-enquiry-for-woocommerce-plugin-3-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-49763 – WordPress CSprite Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49763
04 Dec 2023 — The CSprite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. • https://patchstack.com/database/vulnerability/csprite/wordpress-csprite-plugin-1-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-6220 – Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6220
04 Dec 2023 — The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26.
CVE-2023-6316 – MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6316
04 Dec 2023 — The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. • https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.0.1/classes/models/class.file.php#L60 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-49750 – WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-49750
04 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme. This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2. • https://patchstack.com/database/vulnerability/couponis/wordpress-couponis-affiliate-submitting-coupons-wordpress-theme-theme-3-1-7-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-49752 – WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-49752
04 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. • https://patchstack.com/database/vulnerability/adifier/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-5991 – Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
https://notcve.org/view.php?id=CVE-2023-5991
01 Dec 2023 — The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input and does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server. • https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •