CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45001 – WordPress Seriously Simple Stats Plugin <= 1.5.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-45001
03 Oct 2023 — The Seriously Simple Stats plugin for WordPress is vulnerable to SQL Injection via the order_by parameter in versions up to, and including, 1.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/seriously-simple-stats/wordpress-seriously-simple-stats-plugin-1-5-0-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45011 – WordPress WP Power Stats Plugin <= 2.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45011
03 Oct 2023 — The WP Power Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.3. • https://patchstack.com/database/vulnerability/wp-power-stats/wordpress-wp-power-stats-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45046 – WordPress Pressference Exporter Plugin <= 1.0.3 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-45046
03 Oct 2023 — The Pressference Exporter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/pressference-exporter/wordpress-pressference-exporter-plugin-1-0-3-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45047 – WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45047
03 Oct 2023 — The LeadSquared Suite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.7.4. • https://patchstack.com/database/vulnerability/leadsquared-suite/wordpress-leadsquared-suite-plugin-0-7-4-cross-site-request-forgery-csrf-leading-to-form-deactivation-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45048 – WordPress Social proof testimonials and reviews by Repuso Plugin <= 5.00 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45048
03 Oct 2023 — The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.01. • https://patchstack.com/database/vulnerability/social-testimonials-and-reviews-widget/wordpress-social-proof-testimonials-and-reviews-by-repuso-plugin-4-97-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45052 – WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45052
03 Oct 2023 — The WP Bing Map Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 4.1.4. • https://patchstack.com/database/vulnerability/api-bing-map-2018/wordpress-wp-bing-map-pro-plugin-5-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45055 – WordPress MStore API Plugin <= 4.0.6 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-45055
03 Oct 2023 — The MStore API plugin for WordPress is vulnerable to SQL Injection via the $name and $search variables in versions up to, and including, 4.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/mstore-api/wordpress-mstore-api-plugin-4-0-6-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45058 – WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45058
03 Oct 2023 — The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. • https://patchstack.com/database/vulnerability/shorten-url/wordpress-short-url-plugin-1-6-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45060 – WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45060
03 Oct 2023 — The Interactive World Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. • https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45063 – WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45063
03 Oct 2023 — The AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. • https://patchstack.com/database/vulnerability/ai-content-writing-assistant/wordpress-ai-content-writing-assistant-content-writer-chatgpt-image-generator-all-in-one-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •