CVE-2023-4521 – Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2023-4521
28 Aug 2023 — The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. ... The Import XML and RSS Feeds for WordPress is vulnerable to remote code execution in versions up to, and including, 2.1.4. • https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-27448 – WordPress MakeStories (for Google Web Stories) Plugin <= 2.8.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27448
28 Aug 2023 — The MakeStories (for Google Web Stories) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. • https://patchstack.com/database/vulnerability/makestories-helper/wordpress-makestories-for-google-web-stories-plugin-2-8-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-27615 – WordPress WP Super Minify Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27615
28 Aug 2023 — The WP Super Minify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.1. • https://patchstack.com/database/vulnerability/wp-super-minify/wordpress-wp-super-minify-plugin-1-5-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-38389 – WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-38389
22 Aug 2023 — The JupiterX Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3.8 due to insufficient validation and insufficient controls on the facebook_log_user_in() function. • https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-account-takeover-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-863: Incorrect Authorization •
CVE-2022-47175 – WordPress Royal Elementor Addons Plugin <= 1.3.75 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47175
22 Aug 2023 — The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.75. • https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-plugin-1-3-75-multiple-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25480 – WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25480
22 Aug 2023 — The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.24.1. • https://patchstack.com/database/vulnerability/post-and-page-builder/wordpress-post-and-page-builder-by-boldgrid-plugin-1-24-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40671 – WordPress DX-auto-save-images Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40671
21 Aug 2023 — The DX-auto-save-images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. • https://patchstack.com/database/vulnerability/dx-auto-save-images/wordpress-dx-auto-save-images-plugin-1-4-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-28791 – WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28791
17 Aug 2023 — The Simple Org Chart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.4. • https://patchstack.com/database/vulnerability/simple-org-chart/wordpress-simple-org-chart-plugin-2-3-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40607 – WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40607
17 Aug 2023 — The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.0. • https://patchstack.com/database/vulnerability/cluevo-lms/wordpress-cluevo-lms-plugin-1-10-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40609 – WordPress Contact form 7 Custom validation Plugin <= 1.1.3 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-40609
17 Aug 2023 — The Contact form 7 Custom validation plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in versions up to, and including, 1.1.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/cf7-field-validation/wordpress-contact-form-7-custom-validation-plugin-1-1-3-unauth-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •