CVE-2023-2330 – Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF
https://notcve.org/view.php?id=CVE-2023-2330
26 Jun 2023 — The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. The Caldera Forms Google Sheets Connector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. • https://wpscan.com/vulnerability/fa8ccdd0-7b23-4b12-9aa9-4b29d47256b8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-36511 – WordPress WooCommerce Order Barcodes Plugin <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-36511
26 Jun 2023 — The WooCommerce Order Barcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. • https://patchstack.com/database/vulnerability/woocommerce-order-barcodes/wordpress-woocommerce-order-barcodes-plugin-1-6-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-36513 – WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-36513
26 Jun 2023 — The AutomateWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.7.5. • https://patchstack.com/database/vulnerability/automatewoo/wordpress-automatewoo-plugin-5-7-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-36514 – WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-36514
26 Jun 2023 — The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.5. • https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-3186 – Supsystic Popup < 1.10.19 - Prototype Pollution
https://notcve.org/view.php?id=CVE-2023-3186
23 Jun 2023 — The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. The plugin Popup by Supsystic for WordPress is vulnerable to prototype pollution, which could make injecting malicious web scripts possible in some cases. • https://wpscan.com/vulnerability/545007fc-3173-47b1-82c4-ed3fd1247b9c • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2023-3197 – MStore API <= 4.0.1 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2023-3197
23 Jun 2023 — The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping of the user-supplied parameters and lack of sufficient preparation of the existing SQL query. • https://plugins.trac.wordpress.org/changeset/2929891/mstore-api/trunk/controllers/helpers/vendor-wcfm.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-36504 – WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-36504
23 Jun 2023 — The BBS e-Popup plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bbse_popup_admin_action_proc() function called via admin_action in versions up to, and including, 2.4.5. • https://patchstack.com/database/vulnerability/bbs-e-popup/wordpress-bbs-e-popup-plugin-2-4-5-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVE-2023-36508 – WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-36508
23 Jun 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1. • https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-1-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-35913 – WordPress OOPSpam Anti-Spam Plugin <= 1.1.44 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35913
21 Jun 2023 — The OOPSpam Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.44. • https://patchstack.com/database/vulnerability/oopspam-anti-spam/wordpress-oopspam-anti-spam-plugin-1-1-44-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-35912 – WordPress Potent Donations for WooCommerce Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35912
20 Jun 2023 — The Potent Donations for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. • https://patchstack.com/database/vulnerability/donations-for-woocommerce/wordpress-potent-donations-for-woocommerce-plugin-1-1-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •