CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 2CVE-2023-3320 – WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-3320
19 Jun 2023 — The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. ... WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/173048/WordPress-WP-Sticky-Social-1.0.1-CSRF-Cross-Site-Scripting.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3325 – CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
https://notcve.org/view.php?id=CVE-2023-3325
19 Jun 2023 — The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. • https://plugins.trac.wordpress.org/browser/cms-commander-client/tags/2.287/init.php#L88 • CWE-331: Insufficient Entropy CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35773 – WordPress Template Debugger Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35773
16 Jun 2023 — The Template Debugger plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.2. • https://patchstack.com/database/vulnerability/quick-edit-template-link/wordpress-template-debugger-plugin-3-1-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35774 – WordPress LWS Tools Plugin <= 2.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35774
16 Jun 2023 — The LWS Tools plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.1. • https://patchstack.com/database/vulnerability/lws-tools/wordpress-lws-tools-plugin-2-4-1-multiple-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35781 – WordPress LWS Cleaner Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35781
16 Jun 2023 — The LWS Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.0. • https://patchstack.com/database/vulnerability/lws-cleaner/wordpress-lws-cleaner-plugin-2-3-0-multiple-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35089 – WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35089
15 Jun 2023 — The Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.7. • https://patchstack.com/database/vulnerability/zip-recipes/wordpress-recipe-maker-for-your-food-blog-from-zip-recipes-plugin-8-0-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35091 – WordPress WooCommerce Stock Manager Plugin <= 2.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35091
14 Jun 2023 — The Stock Manager for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.0. • https://patchstack.com/database/vulnerability/woocommerce-stock-manager/wordpress-stock-manager-for-woocommerce-plugin-2-10-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35096 – WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35096
14 Jun 2023 — The myCred plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5. • https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-5-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35038 – WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35038
13 Jun 2023 — The WP PDF Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. • https://patchstack.com/database/vulnerability/wp-pdf-generator/wordpress-wp-pdf-generator-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34373 – WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34373
13 Jun 2023 — The Zephyr Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.93. • https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-93-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •