CVE-2023-4404 – Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-4404
17 Aug 2023 — The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. ... WordPress Charitable Donations Plugin and Fundraising Platform v... • https://plugins.trac.wordpress.org/browser/charitable/tags/1.7.0.12/includes/users/class-charitable-user.php#L866 • CWE-269: Improper Privilege Management •
CVE-2023-40556 – WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40556
16 Aug 2023 — The Schedule Posts Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2. • https://patchstack.com/database/vulnerability/schedule-posts-calendar/wordpress-schedule-posts-calendar-plugin-5-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40558 – WordPress Video Gallery & Management Plugin <= 3.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40558
16 Aug 2023 — The Video Gallery & Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.5. • https://patchstack.com/database/vulnerability/youtube-showcase/wordpress-video-gallery-management-plugin-3-3-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40559 – WordPress WooCommerce Dynamic Pricing and Discount Rules Plugin <= 2.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40559
16 Aug 2023 — The WooCommerce Dynamic Pricing and Discount Rules plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. • https://patchstack.com/database/vulnerability/woo-conditional-discount-rules-for-checkout/wordpress-dynamic-pricing-and-discount-rules-for-woocommerce-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40561 – Enhanced Ecommerce Google Analytics for WooCommerce
https://notcve.org/view.php?id=CVE-2023-40561
16 Aug 2023 — The WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. • https://patchstack.com/database/vulnerability/woo-ecommerce-tracking-for-google-and-facebook/wordpress-enhanced-ecommerce-google-analytics-for-woocommerce-plugin-3-7-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-35039 – WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication
https://notcve.org/view.php?id=CVE-2023-35039
14 Aug 2023 — Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. • https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability? • CWE-307: Improper Restriction of Excessive Authentication Attempts • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVE-2023-27433 – WordPress Make Paths Relative Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27433
14 Aug 2023 — The Make Paths Relative plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. • https://patchstack.com/database/vulnerability/make-paths-relative/wordpress-make-paths-relative-plugin-1-3-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40199 – WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40199
11 Aug 2023 — The WP Like Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. • https://patchstack.com/database/vulnerability/wp-like-button/wordpress-wp-like-button-plugin-1-6-11-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40201 – WordPress Futurio Extra Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40201
11 Aug 2023 — The Futurio Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. • https://patchstack.com/database/vulnerability/futurio-extra/wordpress-futurio-extra-plugin-1-8-2-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40202 – WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40202
11 Aug 2023 — The WP HTML Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.0. • https://patchstack.com/database/vulnerability/wp-html-mail/wordpress-email-template-designer-wp-html-mail-plugin-3-4-0-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •