CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33214 – WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33214
12 Oct 2023 — The Taggbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. • https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-taggbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-2-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5533 – AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions
https://notcve.org/view.php?id=CVE-2023-5533
11 Oct 2023 — The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. ... El complemento AI ChatBot para WordPress es vulnerable al uso no autorizado de acciones AJAX debido a la falta de comprobaciones de capacidad en las funciones correspondientes en versiones hasta la 4.8.9 y la 4.9.2 incluida. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45605 – WordPress Feed Statistics Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45605
11 Oct 2023 — The Feed Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. • https://patchstack.com/database/vulnerability/wordpress-feed-statistics/wordpress-feed-statistics-plugin-4-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45606 – WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45606
11 Oct 2023 — The Simple URLs plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 120. • https://patchstack.com/database/vulnerability/simple-urls/wordpress-simple-urls-plugin-120-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45629 – WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45629
11 Oct 2023 — The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. • https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-multiple-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45603 – WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-45603
10 Oct 2023 — The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_attach_images function in versions up to, and including, 20230902. • https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230902-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 78%CPEs: 1EXPL: 10CVE-2023-5360 – Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-5360
09 Oct 2023 — The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. El complemento Royal Elementor Addons and Templates de WordPress anterior a 1.3.79 no valida correctamente los archivos cargados, lo que podría permitir a usuarios no autenticados cargar archivos arbitrarios, como PHP y lograr RCE. The Royal Elementor Addons and Templates plugin for ... • http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35911 – WordPress Contact Form Generator Plugin <= 2.6.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-35911
09 Oct 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Creative Solutions Contact Form Generator: el creador de formularios... • https://patchstack.com/database/vulnerability/contact-form-generator/wordpress-contact-form-generator-plugin-2-6-0-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40008 – WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40008
06 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Gangesh Matta Simple Org Chart en versiones <= 2.3.4. Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. • https://patchstack.com/database/vulnerability/simple-org-chart/wordpress-simple-org-chart-plugin-2-3-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10126 – Easy2Map Photos Plugin sql injection
https://notcve.org/view.php?id=CVE-2015-10126
06 Oct 2023 — A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. ... Una vulnerabilidad fue encontrada en Easy2Map Photos Plugin 1.0.1 en WordPress y clasificada como crítica. ... In Easy2Map Photos Plugin 1.0.1 für WordPress wurde eine Schwachstelle entdeckt. • https://github.com/wp-plugins/easy2map-photos/commit/503d9ee2482d27c065f78d9546f076a406189908 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •