CVE-2023-47666 – WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47666
06 Nov 2023 — The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.5.0. • https://patchstack.com/database/vulnerability/code-snippets/wordpress-code-snippets-plugin-3-5-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5974 – WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2023-5974
06 Nov 2023 — The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. The WPB Show Core plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2 via the 'path' parameter. • https://wpscan.com/vulnerability/c0136057-f420-4fe7-a147-ecbec7e7a9b5 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-47181 – WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47181
03 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery. This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. ... • https://patchstack.com/database/vulnerability/email-templates/wordpress-email-templates-plugin-1-4-2-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47238 – WordPress Top 10 Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47238
03 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions. The Top 10 – WordPress Popular posts by WebberZone plugin fo... • https://patchstack.com/database/vulnerability/top-10/wordpress-top-10-plugin-3-3-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-48284 – WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48284
02 Nov 2023 — The Decorator – WooCommerce Email Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. • https://patchstack.com/database/vulnerability/decorator-woocommerce-email-customizer/wordpress-decorator-woocommerce-email-customizer-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47186 – WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47186
02 Nov 2023 — The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.11. • https://patchstack.com/database/vulnerability/kadence-woocommerce-email-designer/wordpress-kadence-woocommerce-email-designer-plugin-1-5-11-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-47237 – WordPress WP Google My Business Auto Publish Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47237
02 Nov 2023 — The Auto Publish for Google My Business plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.7. • https://patchstack.com/database/vulnerability/wp-google-my-business-auto-publish/wordpress-auto-publish-for-google-my-business-plugin-3-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5822 – Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-5822
01 Nov 2023 — The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. ... • https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L828 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-47182 – WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47182
31 Oct 2023 — The Login Screen Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.2. • https://patchstack.com/database/vulnerability/login-screen-manager/wordpress-login-screen-manager-plugin-3-5-2-unauth-stored-cross-site-scripting-xss-via-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5843 – Ads by datafeedr.com <= 1.1.3 - Unauthenticated (Limited) Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-5843
30 Oct 2023 — The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. ... • https://github.com/codeb0ss/CVE-2023-5843-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •