CVE-2023-45763 – WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45763
16 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions. • https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-taggbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-2-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46067 – WordPress Rocket Font Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46067
16 Oct 2023 — The Rocket Font plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. • https://patchstack.com/database/vulnerability/rocket-font/wordpress-rocket-font-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46078 – WordPress Serial Numbers for WooCommerce – License Manager Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46078
16 Oct 2023 — The Serial Numbers for WooCommerce – License Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. • https://patchstack.com/database/vulnerability/wc-serial-numbers/wordpress-serial-numbers-for-woocommerce-license-manager-plugin-1-6-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46085 – WordPress Wp Ultimate Review Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46085
16 Oct 2023 — The Wp Ultimate Review plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-46087 – WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46087
16 Oct 2023 — The Who Hit The Page – Hit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.14.3. • https://patchstack.com/database/vulnerability/who-hit-the-page-hit-counter/wordpress-who-hit-the-page-hit-counter-plugin-1-4-14-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5601 – WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-5601
16 Oct 2023 — The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. The WooCommerce Ninja Forms Product Add-ons p... • https://github.com/codeb0ss/CVE-2023-5601-PoC • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-5602 – Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-5602
16 Oct 2023 — The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. • https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2011-10004 – reciply Plugin uploadImage.php unrestricted upload
https://notcve.org/view.php?id=CVE-2011-10004
16 Oct 2023 — A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. ... The Recip.ly Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in uploadImage.php in all versions up to, and including, 1.1.7. • https://github.com/wp-plugins/reciply/commit/e3ff616dc08d3aadff9253f1085e13f677d0c676 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-45831 – WordPress AMP WP Plugin <= 1.5.15 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45831
13 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions. The AMP WP plugin for WordPress is vulnerable to C... • https://patchstack.com/database/vulnerability/amp-wp/wordpress-amp-wp-google-amp-for-wordpress-plugin-1-5-15-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-45836 – WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45836
13 Oct 2023 — The Ultimate Taxonomy Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. • https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •