CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36685 – WordPress CartFlows Pro Plugin <= 1.11.12 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-36685
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Brainstorm Force US LLC CartFlows Pro permite la Cross-Site Request Forgery. Este problema afecta a CartFlows Pro: desde n/a hasta 1.11.12. The CartFlows Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.12. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/cartflows-pro/wordpress-cartflows-pro-plugin-1-11-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36682 – WordPress Schema Pro Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-36682
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Brainstorm Force US LLC Schema Pro permite la Cross-Site Request Forgery. Este problema afecta a Schema Pro: desde n/a hasta 2.7.7. The Schema Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.7. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/wp-schema-pro/wordpress-schema-pro-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46851 – WordPress Starter Templates Plugin <= 3.1.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46851
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions. The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.20. This is due to missing or incorrect nonce validation on the add_to_favorite function. This makes it possible for unauthenticated attackers to set a Starter Template as favorite via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-elementor-wordpress-beaver-builder-templates-plugin-3-1-20-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25058 – WordPress Schema – All In One Schema Rich Snippets Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25058
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. The Schema - All In One Schema Rich Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the rich_snippet_dashboard function. This makes it possible for unauthenticated attackers to perform unauthorized configuration updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/all-in-one-schemaorg-rich-snippets/wordpress-schema-all-in-one-schema-rich-snippets-plugin-1-6-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36656 – Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
https://notcve.org/view.php?id=CVE-2020-36656
The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.14.11 due to insufficient sanitizing of input in Gutenberg blocks. This makes it possible for contributors, or higher privileged users, to inject arbitrary web scripts that execute in a victim's browser. • https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •