CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2440 – UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-2440
21 Nov 2023 — The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. ... El complemento UserPro para WordPress es vulnerable a la Cross-Site Request Forgery en versiones hasta la 5.1.1 incluida. • https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2449 – UserPro <= 5.1.1 - Insecure Password Reset Mechanism
https://notcve.org/view.php?id=CVE-2023-2449
21 Nov 2023 — The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. ... El complemento UserPro para WordPress es vulnerable a restablecimientos de contraseña no autorizados en versiones hasta la 5.1.1 incluida. ... WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html • CWE-620: Unverified Password Change •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5776 – Post Meta Data Manager <= 1.2.1 - Cross-Site Request Forgery to Post, Term, and User Meta Deletion
https://notcve.org/view.php?id=CVE-2023-5776
20 Nov 2023 — The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. ... El complemento Post Meta Data Manager para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.2.1 incluida. • https://plugins.svn.wordpress.org/post-meta-data-manager/tags/1.2.1/readme.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6196 – Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6196
17 Nov 2023 — The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. ... El complemento Audio Merchant para WordPress es vulnerable a la Cross-Site Request Forgery en todas las versiones hasta la 5.0.4 incluida. • https://plugins.trac.wordpress.org/browser/audio-merchant/trunk/audio-merchant.php#L1298 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39925 – WordPress Community by PeepSo Plugin <= 6.1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-39925
16 Nov 2023 — The Community by PeepSo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.1.6.0. • https://patchstack.com/database/vulnerability/peepso-core/wordpress-peepso-plugin-6-1-6-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4214 – AppPresser <= 4.2.5 - Insecure Password Reset Mechanism
https://notcve.org/view.php?id=CVE-2023-4214
16 Nov 2023 — The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. ... El complemento AppPresser para WordPress es vulnerable a restablecimientos de contraseña no autorizados en versiones hasta la 4.2.5 incluida. • https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182 • CWE-620: Unverified Password Change CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47791 – WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47791
16 Nov 2023 — The Leadster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. • https://patchstack.com/database/vulnerability/leadster-marketing-conversaciona/wordpress-leadster-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability-2? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47819 – WordPress Easy Call Now by ThikShare Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47819
16 Nov 2023 — The Easy Call Now by ThikShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. • https://patchstack.com/database/vulnerability/easy-call-now/wordpress-easy-call-now-by-thikshare-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47824 – WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47824
16 Nov 2023 — The Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.8. • https://patchstack.com/database/vulnerability/legal-pages/wordpress-legal-pages-plugin-1-3-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47825 – WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47825
16 Nov 2023 — The WP EXtra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4. • https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •