CVE-2023-34015 – WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34015
02 Jun 2023 — The Advanced Flat rate shipping Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4.4. • https://patchstack.com/database/vulnerability/advanced-free-flat-shipping-woocommerce/wordpress-advanced-flat-rate-shipping-woocommerce-plugin-1-6-4-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-2781 – User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-2781
02 Jun 2023 — The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. • https://plugins.trac.wordpress.org/browser/woo-confirmation-email/tags/3.5.0/public/class-xlwuev-woocommerce-confirmation-email-public.php#L143 • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-306: Missing Authentication for Critical Function •
CVE-2014-125104 – VaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload
https://notcve.org/view.php?id=CVE-2014-125104
01 Jun 2023 — A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. ... A critical vulnerability was identified in VaultPress Plugin up to 1.6.0 for WordPress. • https://github.com/wp-plugins/vaultpress/commit/e3b92b14edca6291c5f998d54c90cbe98a1fb0e3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-31088 – WordPress Floating Action Button Plugin <=1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31088
31 May 2023 — The Floating Action Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. • https://patchstack.com/database/vulnerability/floating-action-button/wordpress-floating-action-button-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-2068 – File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
https://notcve.org/view.php?id=CVE-2023-2068
31 May 2023 — The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. ... The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to remote code execution in versions up to, and including, 2.3.2. • http://packetstormsecurity.com/files/173735/WordPress-File-Manager-Advanced-Shortcode-2.3.2-Remote-Code-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-32093 – WordPress TPG Redirect Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32093
31 May 2023 — The TPG Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7. • https://patchstack.com/database/vulnerability/tpg-redirect/wordpress-tpg-redirect-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34169 – WordPress TS Webfonts for さくらのレンタルサーバ Plugin <= 3.1.2 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-34169
31 May 2023 — The TS Webfonts for さくらのレンタルサーバ plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. • https://patchstack.com/database/vulnerability/ts-webfonts-for-sakura/wordpress-ts-webfonts-for-plugin-3-1-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34171 – WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34171
31 May 2023 — The WP Report Post plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.2. • https://patchstack.com/database/vulnerability/wp-report-post/wordpress-wp-report-post-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34177 – WordPress WP-Cache.com Plugin <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34177
31 May 2023 — The WP-Cache.com plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. • https://patchstack.com/database/vulnerability/wp-cachecom/wordpress-wp-cache-com-plugin-1-1-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34024 – WordPress WP Full Auto Tags Manager Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34024
31 May 2023 — The WP Full Auto Tags Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2. • https://patchstack.com/database/vulnerability/wp-full-auto-tags-manager/wordpress-wp-full-auto-tags-manager-plugin-2-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •