CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2023 — The Coming Soon Page plugin for WordPress is vulnerable to SQL Injection via the 'rem' parameter in versions up to, and including, 1.5.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/responsive-coming-soon-page/wordpress-coming-soon-page-plugin-1-5-8-sql-injection-sqli-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2023 — The WPLMS theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 4.900. • https://patchstack.com/database/vulnerability/wplms/wordpress-wplms-theme-4-600-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2023 — The Media Library Helper by Codexin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. • https://patchstack.com/database/vulnerability/media-library-helper/wordpress-media-library-helper-by-codexin-plugin-1-2-0-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2023 — The Classified Listing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.5. • https://patchstack.com/database/vulnerability/classified-listing/wordpress-classified-listing-plugin-2-4-5-cross-site-request-forgery-csrf-leading-to-thumbnail-removal-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2023 — The WP Dummy Content Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.0. • https://patchstack.com/database/vulnerability/wp-dummy-content-generator/wordpress-wp-dummy-content-generator-plugin-2-3-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jul 2023 — The Header Footer Code Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.34. • https://patchstack.com/database/vulnerability/header-footer-code-manager/wordpress-header-footer-code-manager-plugin-1-1-34-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jul 2023 — The LearnPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 4.2.3. • https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-2-3-unauthenticated-broken-access-control-vulnerability? • CWE-862: Missing Authorization

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jul 2023 — The WP RSS Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. • https://patchstack.com/database/vulnerability/wp-rss-images/wordpress-wp-rss-images-plugin-1-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Jun 2023 — The WebwinkelKeur plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.24. • https://patchstack.com/database/vulnerability/webwinkelkeur/wordpress-webwinkelkeu-plugin-3-24-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jun 2023 — The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. • https://plugins.trac.wordpress.org/browser/web3-authentication/tags/2.6.0/classes/common/Web3/controller/class-moweb3flowhandler.php#L198 • CWE-288: Authentication Bypass Using an Alternate Path or Channel