CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48772 – WordPress Prevent Landscape Rotation Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48772
28 Nov 2023 — The Prevent Landscape Rotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. • https://patchstack.com/database/vulnerability/prevent-landscape-rotation/wordpress-prevent-landscape-rotation-plugin-2-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48773 – WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48773
28 Nov 2023 — The WooCommerce Login Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.4. • https://patchstack.com/database/vulnerability/woo-login-redirect/wordpress-woo-login-redirect-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48778 – WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48778
28 Nov 2023 — The Product Size Chart For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. • https://patchstack.com/database/vulnerability/product-size-chart-for-woo/wordpress-product-size-chart-for-woocommerce-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48781 – WordPress MkRapel Regiones y Ciudades de Chile para WC Plugin <= 4.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48781
28 Nov 2023 — The MkRapel Regiones y Ciudades de Chile para WC plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. • https://patchstack.com/database/vulnerability/wc-ciudades-y-regiones-de-chile/wordpress-mkrapel-regiones-y-ciudades-de-chile-para-wc-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46617 – WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46617
28 Nov 2023 — The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5. • https://patchstack.com/database/vulnerability/adfoxly/wordpress-adfoxly-ad-manager-adsense-ads-ads-txt-plugin-1-8-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5803 – WordPress Business Directory Plugin Plugin <= 6.3.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-5803
28 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress permite Cross-Site Request Forgery. Este problema afecta ... • https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-10-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5604 – Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-5604
27 Nov 2023 — The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. El complemento Asgaros Forum de WordPress anterior a 2.7.1 permite a los administradores del foro, que pueden no ser (super)administradores de WordPress, establecer una configuración insegura que permi... • https://wpscan.com/vulnerability/4ce69d71-87bf-4d95-90f2-63d558c78b69 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47645 – WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47645
27 Nov 2023 — The RegistrationMagic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2.2.6. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-2-6-delete-form-submission-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48751 – WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-48751
27 Nov 2023 — The Participants Database plugin for WordPress is vulnerable to unauthorized manipulation of data due to a missing capability check on several functions hooked via admin-post in all versions up to, and including, 2.5.5. • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-5-5-broken-access-control-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48754 – WordPress Delete Post Revisions In WordPress Plugin <= 4.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48754
27 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Wap Nepal Delete Post Revisions In WordPress permite Cross-Site Request Forgery. Este problema afecta a Delete Post Revisions In WordPress: desde n/a hasta 4.6. The delete-post-revisions-on-single-click theme for WordPr... • https://patchstack.com/database/vulnerability/delete-post-revisions-on-single-click/wordpress-delete-post-revisions-in-wordpress-plugin-4-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •