CVE-2023-6532 – WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2023-6532
13 Nov 2023 — The WP Blogs' Planetarium WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. The WP Blogs' Planetari... • https://magos-securitas.com/txt/CVE-2023-6532.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47757 – WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-47757
13 Nov 2023 — The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked by AJAX actions in all versions up to, and including, 7.3.9. • https://patchstack.com/database/vulnerability/aweber-web-form-widget/wordpress-aweber-plugin-7-3-9-broken-access-control-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVE-2023-5952 – Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-5952
10 Nov 2023 — The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. The Welcart e-Commerce plugin for ... • https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7 • CWE-502: Deserialization of Untrusted Data •
CVE-2023-47685 – WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47685
09 Nov 2023 — The Preloader Matrix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. • https://patchstack.com/database/vulnerability/matrix-pre-loader/wordpress-preloader-matrix-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47686 – WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47686
09 Nov 2023 — The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.2.2. • https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-2-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47687 – WordPress Woo Custom and Sequential Order Number Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47687
09 Nov 2023 — The Woo Custom and Sequential Order Number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.0. • https://patchstack.com/database/vulnerability/woo-custom-and-sequential-order-number/wordpress-woo-custom-and-sequential-order-number-plugin-2-6-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47688 – WordPress Youtube SpeedLoad Plugin <= 0.6.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47688
09 Nov 2023 — The Youtube SpeedLoad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.3. • https://patchstack.com/database/vulnerability/youtube-speedload/wordpress-youtube-speedload-plugin-0-6-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47664 – WordPress Plainview Protect Passwords Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47664
08 Nov 2023 — The Plainview Protect Passwords plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. • https://patchstack.com/database/vulnerability/plainview-protect-passwords/wordpress-plainview-protect-passwords-plugin-1-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47667 – WordPress WP Full Stripe Free plugin <= 7.0.16 - Cross Site Request Forgery (CSRF) vulnerability on every Setting Save
https://notcve.org/view.php?id=CVE-2023-47667
08 Nov 2023 — The WP Full Stripe Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.0.17. • https://patchstack.com/database/vulnerability/wp-full-stripe-free/wordpress-wp-full-stripe-free-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47670 – WordPress Korea SNS Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47670
08 Nov 2023 — The Korea SNS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. • https://patchstack.com/database/vulnerability/korea-sns/wordpress-korea-sns-plugin-1-6-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •