CVE-2023-2986 – Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-2986
06 Jun 2023 — The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. ... WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below suffer from an authentication bypass vulnerability. • https://www.wordfence.com/blog/2023/06/tyche-softwares-addresses-authentication-bypass-vulnerability-in-abandoned-cart-lite-for-woocommerce-wordpress-plugin • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2023-2601 – WP Brutal AI < 2.0.0 - SQL Injection via CSRF
https://notcve.org/view.php?id=CVE-2023-2601
05 Jun 2023 — The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. The WP Brutal AI plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions before 2.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... WordPress WP Brutal AI plugin versions prior to 2.0.0 suf... • http://packetstormsecurity.com/files/173732/WordPress-WP-Brutal-AI-Cross-Site-Request-Forgery-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-2628 – KiviCare Management System < 3.2.1 - Multiple CSRF
https://notcve.org/view.php?id=CVE-2023-2628
05 Jun 2023 — The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: delete arbitrary appointments/medical records/etc, create/update various users (patients, doctors etc). The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versio... • https://wpscan.com/vulnerability/e0741e2c-c529-4815-8744-16e01cdb0aed • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34378 – WordPress WP Hide Post Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34378
03 Jun 2023 — The WP Hide Post plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.10. • https://patchstack.com/database/vulnerability/wp-hide-post/wordpress-wp-hide-post-plugin-2-0-10-cross-site-request-forgery-csrf-leading-to-post-status-change-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34384 – WordPress Kebo Twitter Feed Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34384
03 Jun 2023 — The Kebo Twitter Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.12. • https://patchstack.com/database/vulnerability/kebo-twitter-feed/wordpress-kebo-twitter-feed-plugin-1-5-12-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34386 – WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34386
03 Jun 2023 — The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7.1. • https://patchstack.com/database/vulnerability/woo-smart-wishlist/wordpress-wpc-smart-wishlist-for-woocommerce-plugin-4-6-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-3052 – Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery to Post Creation/Modification/Deletion
https://notcve.org/view.php?id=CVE-2023-3052
02 Jun 2023 — The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. • https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4085 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-31087 – WordPress JS Job Manager Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31087
02 Jun 2023 — The JS Job Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.0. • https://patchstack.com/database/vulnerability/js-jobs/wordpress-js-jobs-manager-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34371 – WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34371
02 Jun 2023 — The SpamReferrerBlock plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.22. • https://patchstack.com/database/vulnerability/spamreferrerblock/wordpress-spamreferrerblock-plugin-2-22-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34002 – WordPress WP Inventory Manager Plugin <= 2.1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34002
02 Jun 2023 — The WP Inventory Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0.13. • https://patchstack.com/database/vulnerability/wp-inventory-manager/wordpress-wp-inventory-manager-plugin-2-1-0-13-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •