CVE-2023-41650 – WordPress Remove/hide Author, Date, Category Like Entry-Meta Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41650
01 Sep 2023 — The Remove/hide Author, Date, Category Like Entry-Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. • https://patchstack.com/database/vulnerability/removehide-author-date-category-like-entry-meta/wordpress-remove-hide-author-date-category-like-entry-meta-plugin-2-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-41652 – WordPress RSVPMaker Plugin <= 10.6.6 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-41652
01 Sep 2023 — The RSVPMaker plugin for WordPress is vulnerable to SQL Injection via the 'email' parameter in versions up to, and including, 10.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-6-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-41654 – WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41654
01 Sep 2023 — The authLdap plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.8. • https://patchstack.com/database/vulnerability/authldap/wordpress-authldap-plugin-2-5-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-41659 – WordPress Responsive Gallery Grid Plugin <= 2.3.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41659
01 Sep 2023 — The Responsive Gallery Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.13. • https://patchstack.com/database/vulnerability/responsive-gallery-grid/wordpress-responsive-gallery-grid-plugin-2-3-10-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-41660 – WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41660
01 Sep 2023 — The WP Migration Plugin DB & Files – WP Synchro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. • https://patchstack.com/database/vulnerability/wpsynchro/wordpress-wordpress-migration-plugin-db-files-wp-synchro-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-4490 – WP Job Portal < 2.0.6 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2023-4490
30 Aug 2023 — The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'city' paramet... • https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-1dd284d7db0d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-4596 – Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-4596
29 Aug 2023 — The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. ... • https://github.com/X-Projetion/CVE-2023-4596-Vulnerable-Exploit-and-Checker-Version • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-41244 – WordPress Localize Remote Images Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41244
29 Aug 2023 — The Localize Remote Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.9. • https://patchstack.com/database/vulnerability/localize-remote-images/wordpress-localize-remote-images-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-29235 – WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-29235
28 Aug 2023 — The Maintenance Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. • https://patchstack.com/database/vulnerability/maintenance-switch/wordpress-maintenance-switch-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25033 – WordPress Social Share Boost Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25033
28 Aug 2023 — The Social Share Boost plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5. • https://patchstack.com/database/vulnerability/social-share-boost/wordpress-social-share-boost-plugin-4-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •