CVE-2023-4824 – WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2023-4824
27 Oct 2023 — The WooHoo Newspaper Magazine Theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.3. • https://wpscan.com/vulnerability/71c616ff-0a7e-4f6d-950b-79c469a28263 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5340 – Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-5340
27 Oct 2023 — The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. • https://wpscan.com/vulnerability/91a5847a-62e7-4b98-a554-5eecb6a06e5b • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-502: Deserialization of Untrusted Data •
CVE-2023-46776 – WordPress Auto Excerpt everywhere Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46776
27 Oct 2023 — The Auto Excerpt everywhere plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. • https://patchstack.com/database/vulnerability/auto-excerpt-everywhere/wordpress-auto-excerpt-everywhere-plugin-1-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5640 – Article Analytics <= 1.0 - Unauthenticated SQL injection
https://notcve.org/view.php?id=CVE-2023-5640
27 Oct 2023 — The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. • https://devl00p.github.io/posts/Injection-SQL-dans-le-plugin-Wordpress-Article-Analytics • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-46775 – WordPress Original texts Yandex WebMaster Plugin <= 1.18 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46775
26 Oct 2023 — The Original texts Yandex WebMaster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.18. • https://patchstack.com/database/vulnerability/original-texts-yandex-webmaster/wordpress-original-texts-yandex-webmaster-plugin-1-18-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46777 – WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46777
26 Oct 2023 — The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3. • https://patchstack.com/database/vulnerability/feather-login-page/wordpress-feather-login-page-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46778 – WordPress Auto Limit Posts Reloaded Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46778
26 Oct 2023 — The Auto Limit Posts Reloaded plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5. • https://patchstack.com/database/vulnerability/auto-limit-posts-reloaded/wordpress-auto-limit-posts-reloaded-plugin-2-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46779 – WordPress EasyRecipe Plugin <= 3.5.3251 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46779
26 Oct 2023 — The EasyRecipe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3251. • https://patchstack.com/database/vulnerability/easyrecipe/wordpress-easyrecipe-plugin-3-5-3251-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46780 – WordPress Alter Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46780
26 Oct 2023 — The Alter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/alter/wordpress-alter-plugin-1-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46781 – WordPress Current Menu Item for Custom Post Types Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46781
26 Oct 2023 — The Current Menu Item for Custom Post Types plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. • https://patchstack.com/database/vulnerability/current-menu-item-for-custom-post-types/wordpress-current-menu-item-for-custom-post-types-plugin-1-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •