CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37974 – WordPress WP-FB-AutoConnect Plugin <= 4.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-37974
12 Jul 2023 — The WP-FB-AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.1. • https://patchstack.com/database/vulnerability/wp-fb-autoconnect/wordpress-wp-social-autoconnect-plugin-4-6-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24410 – WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-24410
12 Jul 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25. Neutralización Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('inyección ... • https://patchstack.com/database/vulnerability/fluentform/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-32117 – WordPress Integrate Google Drive plugin <= 1.1.99 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-32117
12 Jul 2023 — The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. • https://patchstack.com/database/wordpress/plugin/integrate-google-drive/vulnerability/wordpress-integrate-google-drive-plugin-1-1-99-unauthenticated-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37889 – WordPress WPAdmin AWS CDN Plugin <= 2.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-37889
11 Jul 2023 — The WPAdmin AWS CDN plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.13. • https://patchstack.com/database/vulnerability/aws-cdn-by-wpadmin/wordpress-wpadmin-aws-cdn-plugin-2-0-13-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37891 – WordPress Exit Popups & Onsite Retargeting by OptiMonk Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-37891
11 Jul 2023 — The Exit Popups & Onsite Retargeting by OptiMonk plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.4. • https://patchstack.com/database/vulnerability/exit-intent-popups-by-optimonk/wordpress-exit-popups-onsite-retargeting-by-optimonk-plugin-2-0-4-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37892 – WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-37892
11 Jul 2023 — The Shortcode IMDB plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.0.8. • https://patchstack.com/database/vulnerability/shortcode-imdb/wordpress-shortcode-imdb-plugin-6-0-8-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25036 – WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25036
10 Jul 2023 — The Social Media Icons Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. • https://patchstack.com/database/vulnerability/spoontalk-social-media-icons-widget/wordpress-social-media-icons-widget-plugin-1-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47169 – WordPress Visibility Logic for Elementor Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47169
05 Jul 2023 — The Visibility Logic for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.4. • https://patchstack.com/database/vulnerability/visibility-logic-elementor/wordpress-visibility-logic-for-elementor-plugin-2-3-4-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47172 – WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47172
05 Jul 2023 — The WooLentor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. • https://patchstack.com/database/vulnerability/woolentor-addons/wordpress-shoplentor-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3011 – ARMember <= 4.0.5 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-3011
05 Jul 2023 — The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. • https://plugins.trac.wordpress.org/changeset/2932691/armember-membership/trunk/autoload.php • CWE-352: Cross-Site Request Forgery (CSRF) •