
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Nov 2023 — The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.4. • https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Nov 2023 — The HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin for WordPress is vulnerable to generic SQL Injection via search terms in versions up to, and including, 1.3.4.2 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query. • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-4-2-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

26 Nov 2023 — The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' REST route. The My Calendar plugin for WordPress is vulnerable to [blind|generic|time-based]... • https://www.tenable.com/security/research/tra-2023-40 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Nov 2023 — The Availability Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. • https://patchstack.com/database/vulnerability/availability-calendar/wordpress-availability-calendar-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

24 Nov 2023 — The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 and the WP All Export Pro WordPress plugin before 1.8.6 do not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged-in users perform unwanted actions leading to remote code execution. • https://wpscan.com/vulnerability/72be4b5c-21be-46af-a3f4-08b4c190a7e2 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

24 Nov 2023 — The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 and the WP All Export Pro WordPress plugin before 1.8.6 do not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged-in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. • https://wpscan.com/vulnerability/0a08e49d-d34e-4140-a15d-ad64444665a3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Nov 2023 — The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities; this should not take too long, as the 2FA codes are 6 digits. • https://wpscan.com/vulnerability/a03243ea-fee7-46e4-8037-a228afc5297a • CWE-307: Improper Restriction of Excessive Authentication Attempts • CWE-693: Protection Mechanism Failure

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Nov 2023 — The Seraphinite Post .DOCX Source plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.16.6. • https://patchstack.com/database/vulnerability/seraphinite-post-docx-source/wordpress-seraphinite-post-docx-source-plugin-2-16-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Nov 2023 — The Broken Link Checker for YouTube plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. • https://patchstack.com/database/vulnerability/broken-link-checker-for-youtube/wordpress-broken-link-checker-for-youtube-plugin-1-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Nov 2023 — The Simple Testimonials Showcase plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. • https://patchstack.com/database/vulnerability/simple-testimonials-showcase/wordpress-simple-testimonials-showcase-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)