CVE-2023-47649 – WordPress Best Restaurant Menu by PriceListo Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47649
07 Nov 2023 — The Best Restaurant Menu by PriceListo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. • https://patchstack.com/database/vulnerability/best-restaurant-menu-by-pricelisto/wordpress-best-restaurant-menu-by-pricelisto-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47650 – WordPress Add Local Avatar Plugin <= 12.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47650
07 Nov 2023 — The Add Local Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 12.1. • https://patchstack.com/database/vulnerability/add-local-avatar/wordpress-add-local-avatar-plugin-12-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47651 – WordPress WP Links Page Plugin <= 4.9.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47651
07 Nov 2023 — The WP Links Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.4. • https://patchstack.com/database/vulnerability/wp-links-page/wordpress-wp-links-page-plugin-4-9-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47655 – WordPress ANAC XML Bandi di Gara Plugin <= 7.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47655
07 Nov 2023 — The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5. • https://patchstack.com/database/vulnerability/avcp/wordpress-anac-xml-bandi-di-gara-plugin-7-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47669 – WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47669
07 Nov 2023 — The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. • https://patchstack.com/database/vulnerability/profile-builder/wordpress-user-profile-builder-plugin-3-10-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47243 – WordPress MSHOP MY SITE Plugin <= 1.1.6 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-47243
07 Nov 2023 — The MSHOP MY SITE plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 1.1.7. • https://patchstack.com/database/vulnerability/mshop-mysite/wordpress-mshop-my-site-plugin-1-1-6-broken-access-control-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization •
CVE-2023-41129 – WordPress Patreon WordPress Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41129
07 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6. The Patreon WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.7. • https://patchstack.com/database/vulnerability/patreon-connect/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47644 – WordPress ProfileGrid Plugin <= 5.6.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47644
07 Nov 2023 — The ProfileGrid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.7.1. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-6-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-38382 – WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-38382
06 Nov 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection. This issue affects Subscribe to Category: from n/a through 2.7.4. ... • https://patchstack.com/database/vulnerability/subscribe-to-category/wordpress-subscribe-to-category-plugin-2-7-4-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-4922 – WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2023-4922
06 Nov 2023 — The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. The WPB Show Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2 via the 'path' parameter. • https://wpscan.com/vulnerability/968d87c0-af60-45ea-b34e-8551313cc8df • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •