CVE-2023-40207 – WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-40207
11 Aug 2023 — The Donations Made Easy – Smart Donations plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 4.0.12 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/smart-donations/wordpress-donations-made-easy-smart-donations-plugin-4-0-12-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-40210 – WordPress SB Child List Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40210
11 Aug 2023 — The SB Child List plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5. • https://patchstack.com/database/vulnerability/sb-child-list/wordpress-sb-child-list-plugin-4-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-4276 – Absolute Privacy <= 2.1 - Cross-Site Request Forgery to User Email/Password Change
https://notcve.org/view.php?id=CVE-2023-4276
09 Aug 2023 — The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. ... The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 2.1. • https://plugins.trac.wordpress.org/browser/absolute-privacy/trunk/profile_page.php • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-3452 – Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
https://notcve.org/view.php?id=CVE-2023-3452
09 Aug 2023 — The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. ... WordPress Canto versions prior to 3.0.5 suffer from remote file inclusion and shell upload vulnerabilities. • https://github.com/leoanggal1/CVE-2023-3452-PoC • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2023-39165 – WordPress Sign-up Sheets Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-39165
07 Aug 2023 — The Sign-up Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.8. • https://patchstack.com/database/vulnerability/sign-up-sheets/wordpress-sign-up-sheets-plugin-2-2-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-39917 – WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-39917
07 Aug 2023 — The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2.6. • https://patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-responsive-image-gallery-plugin-5-2-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-39923 – WordPress The Post Grid Plugin <= 7.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-39923
07 Aug 2023 — The The Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.2.7. • https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-plugin-7-2-7-cross-site-request-forgery-csrf-leading-to-css-change-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-37390 – WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-37390
07 Aug 2023 — The Themesflat Addons For Elementor plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.0 via deserialization of untrusted input through the 'settings' parameter retrieved from the tf_product_filter nopriv AJAX action. • https://patchstack.com/database/vulnerability/themesflat-addons-for-elementor/wordpress-themesflat-addons-for-elementor-plugin-2-0-0-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2023-29384 – WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.0 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-29384
01 Aug 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. The WordPress Job Board an... • https://patchstack.com/database/vulnerability/jobwp/wordpress-job-board-and-recruitment-plugin-jobwp-plugin-2-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-3162 – Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-3162
01 Aug 2023 — The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. ... WordPress Stripe Payment Plugin for WooCommerce plugin versions 3.7.7 and below suffer from an authentication bypass vulnerability. • https://plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php#L640 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •