CVE-2023-37990 – WordPress Perelink Pro Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-37990
24 Jul 2023 — The Perelink Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.4. • https://patchstack.com/database/vulnerability/perelink/wordpress-perelink-pro-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-38396 – WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-38396
24 Jul 2023 — The Google Map Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.2. • https://patchstack.com/database/vulnerability/google-map-shortcode/wordpress-google-map-shortcode-plugin-3-1-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-38398 – WordPress Taboola Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-38398
24 Jul 2023 — The Taboola plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. • https://patchstack.com/database/vulnerability/taboola/wordpress-taboola-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-3211 – WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2023-3211
24 Jul 2023 — The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. • https://wpscan.com/vulnerability/873824f0-e8b1-45bd-8579-bc3c649a54e5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-3435 – User Activity Log < 1.6.5 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2023-3435
24 Jul 2023 — The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using them in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks. The User Activity Log plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.6.4 via the ual_export_log() and ual_export_user_log() functions, which are missing preparation on existing queries as well as escaping on the... • https://wpscan.com/vulnerability/30a37a61-0d16-46f7-b9d8-721d983afc6b • CWE-862: Missing Authorization •
CVE-2023-36682 – WordPress Schema Pro Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-36682
21 Jul 2023 — The Schema Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.7. • https://patchstack.com/database/vulnerability/wp-schema-pro/wordpress-schema-pro-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-36684 – WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-36684
21 Jul 2023 — The Convert Pro plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 1.7.5. • https://patchstack.com/database/vulnerability/convertpro/wordpress-convert-pro-plugin-1-7-5-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVE-2023-37998 – WordPress Disabler Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-37998
20 Jul 2023 — The Disabler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.3. • https://patchstack.com/database/vulnerability/disabler/wordpress-disabler-plugin-3-0-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-38381 – WordPress WP-FlyBox Plugin <= 6.46 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-38381
20 Jul 2023 — The WP-FlyBox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.46. • https://patchstack.com/database/vulnerability/wp-flybox/wordpress-wp-flybox-plugin-6-46-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-38512 – WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-38512
20 Jul 2023 — The WpStream – Live Streaming, Video on Demand, Pay Per View plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.4. • https://patchstack.com/database/vulnerability/wpstream/wordpress-wpstream-live-streaming-video-on-demand-pay-per-view-plugin-4-5-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •