CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49830 – WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-49830
Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en Brainstorm Force Astra Pro. Este problema afecta a Astra Pro: desde n/a hasta 4.3.1. The Astra Pro Addon plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.3.1 via the ast-advanced-hook-php-code meta field. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/astra-addon/wordpress-astra-pro-plugin-4-3-1-contributor-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46211 – WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.14 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-46211
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado autenticado (con permisos de colaborador o superiores) en el complemento Brainstorm Force Ultimate Addons for WPBakery Page Builder en versiones <= 3.19.14. The Ultimate Addons for WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.19.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41804 – WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-41804
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates. Este problema afecta a Starter Templates — Elementor, WordPress & Beaver Builder Templates: desde n/a hasta 3.2.4. The Starter Templates (free and premium) plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.2.4 via the remote_request. This can allow authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36685 – WordPress CartFlows Pro Plugin <= 1.11.12 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-36685
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Brainstorm Force US LLC CartFlows Pro permite la Cross-Site Request Forgery. Este problema afecta a CartFlows Pro: desde n/a hasta 1.11.12. The CartFlows Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.12. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/cartflows-pro/wordpress-cartflows-pro-plugin-1-11-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36682 – WordPress Schema Pro Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-36682
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Brainstorm Force US LLC Schema Pro permite la Cross-Site Request Forgery. Este problema afecta a Schema Pro: desde n/a hasta 2.7.7. The Schema Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.7. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/wp-schema-pro/wordpress-schema-pro-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •