
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Sep 2023 — The Live News plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.06. • https://patchstack.com/database/vulnerability/live-news-lite/wordpress-live-news-plugin-1-06-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Sep 2023 — The Use Memcached plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. • https://patchstack.com/database/vulnerability/use-memcached/wordpress-use-memcached-plugin-1-0-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Sep 2023 — The Hide admin notices – Admin Notification Center plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.2. • https://patchstack.com/database/vulnerability/wp-admin-notification-center/wordpress-hide-admin-notices-admin-notification-center-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Sep 2023 — The SIS Handball plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.45. • https://patchstack.com/database/vulnerability/sis-handball/wordpress-sis-handball-plugin-1-0-45-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Sep 2023 — The Woocommerce Support System plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/wc-support-system/wordpress-woocommerce-support-system-plugin-1-2-0-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Sep 2023 — The MyCryptoCheckout plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.125. This is due to missing nonce validation in the ~/vendor/plainview/sdk/wordpress/form2/form.php file. • https://patchstack.com/database/vulnerability/mycryptocheckout/wordpress-mycryptocheckout-plugin-2-125-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions. The Realbig plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. • https://patchstack.com/database/vulnerability/realbig-media/wordpress-realbig-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Sep 2023 — The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. The All in One B2B for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and ... • https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Sep 2023 — The WP Project Manager plugin for WordPress is vulnerable to SQL Injection via the user task starting date in versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-task-team-and-project-management-plugin-featuring-kanban-board-and-gantt-charts-plugin-2-6-0-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Sep 2023 — The Remove/hide Author, Date, Category Like Entry-Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. • https://patchstack.com/database/vulnerability/removehide-author-date-category-like-entry-meta/wordpress-remove-hide-author-date-category-like-entry-meta-plugin-2-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •