CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49148 – WordPress Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates Plugin <= 3.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49148
28 Nov 2023 — The Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.5. • https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49153 – WordPress Add to Cart Text Changer and Customize Button, Add Custom Icon Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49153
28 Nov 2023 — The Add to Cart Text Changer and Customize Button, Add Custom Icon plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. • https://patchstack.com/database/vulnerability/woo-add-to-cart-text-change/wordpress-add-to-cart-text-changer-and-customize-button-add-custom-icon-plugin-2-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49155 – WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49155
28 Nov 2023 — The Button Generator – easily Button Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.8. • https://patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-easily-button-builder-plugin-2-3-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49163 – WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49163
28 Nov 2023 — The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.5. • https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49164 – WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49164
28 Nov 2023 — The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.2. • https://patchstack.com/database/vulnerability/ocean-extra/wordpress-ocean-extra-plugin-2-2-2-csrf-leading-to-arbitrary-plugin-activation-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48760 – WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-48760
28 Nov 2023 — Multiple plugins by Crocoblock for WordPress are vulnerable to unauthorized access due to a missing capability check on an unknown function in various versions. • https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-unauthenticated-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48762 – WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48762
28 Nov 2023 — Multiple plugins by Crocoblock for WordPress are vulnerable to Cross-Site Request Forgery in various versions. • https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48766 – WordPress SVGator – Add Animated SVG Easily Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48766
28 Nov 2023 — The SVGator – Add Animated SVG Easily plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. • https://patchstack.com/database/vulnerability/svgator/wordpress-svgator-add-animated-svg-easily-plugin-1-2-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48768 – WordPress Quantity Plus Minus Button for WooCommerce by CodeAstrology Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48768
28 Nov 2023 — The Quantity Plus Minus Button for WooCommerce by CodeAstrology plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. • https://patchstack.com/database/vulnerability/wc-quantity-plus-minus-button/wordpress-quantity-plus-minus-button-for-woocommerce-by-codeastrology-plugin-1-1-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48769 – WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48769
28 Nov 2023 — The Chat Bubble plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. • https://patchstack.com/database/vulnerability/chat-bubble/wordpress-chat-bubble-plugin-2-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •