CVE-2023-36685 – WordPress CartFlows Pro Plugin <= 1.11.12 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-36685
27 Jul 2023 — The CartFlows Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.12. • https://patchstack.com/database/vulnerability/cartflows-pro/wordpress-cartflows-pro-plugin-1-11-12-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-3956 – InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactivation via events_receiver
https://notcve.org/view.php?id=CVE-2023-3956
26 Jul 2023 — The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. ... • https://plugins.trac.wordpress.org/browser/instawp-connect/tags/0.0.9.18/includes/class-instawp-rest-apis.php#L103 • CWE-862: Missing Authorization •
CVE-2023-24380 – WordPress Simple Wp Sitemap Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-24380
26 Jul 2023 — The Simple Wp Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. • https://patchstack.com/database/vulnerability/simple-wp-sitemap/wordpress-simple-wp-sitemap-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25463 – WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25463
26 Jul 2023 — The wp tell a friend popup form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. • https://patchstack.com/database/vulnerability/wp-tell-a-friend-popup-form/wordpress-wp-tell-a-friend-popup-form-plugin-7-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25489 – WordPress Update Theme and Plugins from Zip File Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25489
26 Jul 2023 — The Update Theme and Plugins from Zip File plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.0. • https://patchstack.com/database/vulnerability/update-theme-and-plugins-from-zip-file/wordpress-update-theme-and-plugins-from-zip-file-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25788 – WordPress Saphali Woocommerce Lite Plugin <= 1.8.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25788
26 Jul 2023 — The Saphali Woocommerce Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.13. • https://patchstack.com/database/vulnerability/saphali-woocommerce-lite/wordpress-saphali-woocommerce-lite-plugin-1-8-13-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25980 – WordPress Optimize Database after Deleting Revisions Plugin <= 5.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25980
26 Jul 2023 — The Optimize Database after Deleting Revisions plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1 This is due to missing or incorrect nonce validation on the ‘odb_start_manually’ function. • https://patchstack.com/database/vulnerability/rvg-optimize-database/wordpress-optimize-database-after-deleting-revisions-plugin-5-0-110-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25989 – Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks
https://notcve.org/view.php?id=CVE-2023-25989
26 Jul 2023 — The Meks Smart Social Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. • https://patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-audio-player-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-27435 – WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27435
26 Jul 2023 — The HTTP Auth plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.3.2. • https://patchstack.com/database/vulnerability/http-auth/wordpress-http-auth-plugin-0-3-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-38390 – WordPress Mobile Address Bar Changer Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-38390
25 Jul 2023 — The Mobile Address Bar Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0. • https://patchstack.com/database/vulnerability/mobile-address-bar-changer/wordpress-mobile-address-bar-changer-plugin-3-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •