CVE-2023-5802 – WordPress WP Knowledgebase Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-5802
26 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions. The WP Kno... • https://patchstack.com/database/vulnerability/wp-knowledgebase/wordpress-wp-knowledgebase-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5815 – News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion
https://notcve.org/view.php?id=CVE-2023-5815
26 Oct 2023 — The News & Blog Designer Pack – WordPress Blog Plugin (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. ... • https://wordpress.org/plugins/blog-designer-pack • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2023-5820 – Thumbnail Slider With Lightbox <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-5820
26 Oct 2023 — The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. ... • https://wordpress.org/plugins/wp-responsive-slider-with-lightbox • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5652 – WP Hotel Booking < 2.0.8 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2023-5652
26 Oct 2023 — The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, and does not escape user input before using it in a SQL statement in a function hooked to admin_init, allowing unauthenticated users to perform SQL injections. • https://wpscan.com/vulnerability/8ea46b9a-5239-476b-949d-49546371eac1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-46618 – WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46618
25 Oct 2023 — The Category SEO Meta Tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5. • https://patchstack.com/database/vulnerability/category-seo-meta-tags/wordpress-category-seo-meta-tags-plugin-2-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46619 – WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46619
25 Oct 2023 — The Spider Facebook plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.15. • https://patchstack.com/database/vulnerability/spider-facebook/wordpress-wdsocialwidgets-plugin-1-0-15-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46620 – WordPress DeepL Pro API translation Plugin <= 2.3.9.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46620
25 Oct 2023 — The DeepL Pro API translation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.1.1. • https://patchstack.com/database/vulnerability/wpdeepl/wordpress-deepl-api-translation-plugin-2-3-6-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46625 – WordPress Autolinks Manager Plugin <= 1.10.04 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46625
25 Oct 2023 — The Autolinks Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.04. • https://patchstack.com/database/vulnerability/daext-autolinks-manager/wordpress-autolinks-manager-plugin-1-10-04-multiple-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46629 – WordPress Remove Add to Cart WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46629
25 Oct 2023 — The Remove Add to Cart WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. • https://patchstack.com/database/vulnerability/remove-add-to-cart-woocommerce/wordpress-remove-add-to-cart-woocommerce-plugin-1-4-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46636 – WordPress Custom Header Images Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46636
25 Oct 2023 — The Custom Header Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. • https://patchstack.com/database/vulnerability/custom-header-images/wordpress-custom-header-images-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •