CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46638 – WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46638
25 Oct 2023 — The WCP OpenWeather plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. • https://patchstack.com/database/vulnerability/wcp-openweather/wordpress-wcp-openweather-plugin-2-5-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31077 – WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31077
25 Oct 2023 — The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.9. • https://patchstack.com/database/vulnerability/export-wp-page-to-static-html/wordpress-export-wp-page-to-static-html-css-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47230 – WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47230
25 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Cimatti Consulting WordPress Contact Forms by Cimatti en versiones <= 1.6.0. The Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross... • https://patchstack.com/database/vulnerability/contact-forms/wordpress-wordpress-contact-forms-by-cimatti-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46614 – WordPress WP Helper Premium Plugin <= 4.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46614
24 Oct 2023 — The WP Helper Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.1. • https://patchstack.com/database/vulnerability/wp-helper-lite/wordpress-wp-helper-premium-plugin-4-5-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5823 – WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.11 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-5823
24 Oct 2023 — The TK Google Fonts GDPR Compliant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tk_google_fonts_add_font function in all versions up to, and including, 2.2.11. • https://patchstack.com/database/vulnerability/tk-google-fonts/wordpress-tk-google-fonts-gdpr-compliant-plugin-2-2-11-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46615 – WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-46615
24 Oct 2023 — The KD Coming Soon plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7 via deserialization of untrusted input cetitle in the vulnerable kd_cemailer function. • https://patchstack.com/database/vulnerability/kd-coming-soon/wordpress-kd-coming-soon-plugin-1-7-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46202 – WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46202
19 Oct 2023 — The Auto Login New User After Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.6. • https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46204 – WordPress Duplicate Theme Plugin <= 0.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46204
19 Oct 2023 — The Duplicate Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.6. • https://patchstack.com/database/vulnerability/duplicate-theme/wordpress-duplicate-theme-plugin-0-1-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35041 – WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35041
19 Oct 2023 — The Webpushr plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.34.0. • https://patchstack.com/database/vulnerability/webpushr-web-push-notifications/wordpress-web-push-notifications-webpushr-plugin-4-34-0-csrf-leading-to-lfi-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46189 – WordPress Google Calendar Events Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46189
18 Oct 2023 — The Google Calendar Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.5. • https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •