CVE-2023-4827 – File Manager Pro < 1.8 - Remote Code Execution via CSRF
https://notcve.org/view.php?id=CVE-2023-4827
11 Sep 2023 — The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. ... The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. • https://wpscan.com/vulnerability/d4daf0e1-8018-448a-964c-427a355e005f • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-4666 – Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-4666
07 Sep 2023 — The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE. The Form Maker by 10Web plugin for WordPress... • https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-40555 – WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-40555
05 Sep 2023 — The Flatsome theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.17.5 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/flatsome/wordpress-flatsome-theme-3-17-5-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2023-25054 – WordPress RSVPMaker Plugin <= 10.6.6 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-25054
05 Sep 2023 — The RSVPMaker plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 10.6.6 via deserialization of untrusted input from the $details variable. • https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-6-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVE-2023-4634 – Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4634
05 Sep 2023 — The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. ... WordPress Media Library Assistant plugin versions prior to 3.10 are affected by an unauthenticated remote reference to Imagick() conversion which allows attac... • https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634 • CWE-73: External Control of File Name or Path •
CVE-2023-41697 – WordPress Easy WP Cleaner Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41697
05 Sep 2023 — The Easy WP Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9. ... This makes it possible for unauthenticated attackers to delete data from a WordPress instance via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/easy-wp-cleaner/wordpress-easy-wp-cleaner-plugin-1-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-41730 – WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41730
05 Sep 2023 — The SendPress Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.23.11.6. • https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-41732 – WordPress CP Blocks Plugin <= 1.0.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41732
05 Sep 2023 — The CP Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.20. • https://patchstack.com/database/vulnerability/cp-blocks/wordpress-cp-blocks-plugin-1-0-20-csrf-leading-to-plugin-settings-change-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-41801 – WordPress AWP Classifieds Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41801
05 Sep 2023 — The AWP Classifieds plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3. • https://patchstack.com/database/vulnerability/another-wordpress-classifieds-plugin/wordpress-classifieds-plugin-ad-directory-listings-plugin-4-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-41850 – WordPress Outbound Link Manager Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41850
05 Sep 2023 — The Outbound Link Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. • https://patchstack.com/database/vulnerability/outbound-link-manager/wordpress-outbound-link-manager-plugin-1-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •