CVE-2023-44257 – WordPress Mang Board WP Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-44257
27 Sep 2023 — The Mang Board WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. • https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-7-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-44259 – WordPress Mediavine Control Panel Plugin <= 2.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-44259
27 Sep 2023 — The Mediavine Control Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.2. • https://patchstack.com/database/vulnerability/mediavine-control-panel/wordpress-mediavine-control-panel-plugin-2-10-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-44260 – WordPress Woocommerce ESTO Plugin <= 2.23.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-44260
27 Sep 2023 — The Woocommerce ESTO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.23.1. • https://patchstack.com/database/vulnerability/woo-esto/wordpress-woocommerce-esto-plugin-2-23-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-44261 – WordPress Block Plugin Update Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-44261
27 Sep 2023 — The Block Plugin Update plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. • https://patchstack.com/database/vulnerability/block-specific-plugin-updates/wordpress-block-plugin-update-plugin-3-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-4920 – BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-4920
25 Sep 2023 — The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/index.php#L805 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-49197 – WordPress DoFollow Case by Case Plugin <= 3.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49197
22 Sep 2023 — The DoFollow Case by Case plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. • https://patchstack.com/database/vulnerability/dofollow-case-by-case/wordpress-dofollow-case-by-case-plugin-3-4-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-44146 – WordPress Checkfront Online Booking System Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-44146
21 Sep 2023 — The Checkfront Online Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. • https://patchstack.com/database/vulnerability/checkfront-wp-booking/wordpress-checkfront-online-booking-system-plugin-3-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-4402 – Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products
https://notcve.org/view.php?id=CVE-2023-4402
13 Sep 2023 — The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. ... WordPress Essential Blocks plugin versions 4.2.0 and below and Essentia... • https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49 • CWE-502: Deserialization of Untrusted Data •
CVE-2023-4916 – Login with phone number <= 1.5.6 - Cross-Site Request Forgery to User Password Change
https://notcve.org/view.php?id=CVE-2023-4916
12 Sep 2023 — The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. • https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2965324#L2942 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-4488 – Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2023-4488
12 Sep 2023 — The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. • https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/UsosGenerales/js/editor-view.php?rev=2904670 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •