CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34025 – WordPress LWS Hide Login Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34025
31 May 2023 — The LWS Hide Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.6. • https://patchstack.com/database/vulnerability/lws-hide-login/wordpress-lws-hide-login-plugin-2-1-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34031 – WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34031
31 May 2023 — The bbPress Toolkit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. • https://patchstack.com/database/vulnerability/bbp-toolkit/wordpress-bbpress-toolkit-plugin-1-0-12-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34033 – WordPress Ajax Pagination and Infinite Scroll Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34033
31 May 2023 — The Ajax Pagination and Infinite Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. • https://patchstack.com/database/vulnerability/malinky-ajax-pagination/wordpress-ajax-pagination-and-infinite-scroll-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2549 – Feather Login Page 1.0.7 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-2549
30 May 2023 — The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. ... El plugin Feather Login Page para WordPress es vulnerable a Cross-Site Request Forgery en versiones desde la 1.0.7 hasta la 1.1.1 inclusive. • https://plugins.trac.wordpress.org/browser/feather-login-page/trunk/features/inc/admin/expirable-login-link.php?rev=2612332#L206 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25700 – WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-25700
30 May 2023 — The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via many parameters in versions up to, and including, 2.1.10 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-1-10-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2987 – Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
https://notcve.org/view.php?id=CVE-2023-2987
30 May 2023 — The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. ... El plugin Wordapp para WordPress es vulnerable a una omisión de autorización debido al uso de una firma criptográfica insuficientemente única en la función "wa_pdx_op_config_set" en versiones hasta la 1.5.0 inclusive. ... The Wordapp plugin for WordPress is vulnerable to a... • https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/access.php#L28 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31216 – WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31216
30 May 2023 — The Ultimate Member plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.0. • https://patchstack.com/database/vulnerability/ultimate-member/wordpress-ultimate-member-plugin-2-6-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34178 – WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34178
30 May 2023 — The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.11. • https://patchstack.com/database/vulnerability/groundhogg/wordpress-groundhogg-plugin-2-7-10-3-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34181 – WordPress WP-Cirrus Plugin <= 0.6.11 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34181
30 May 2023 — The WP-Cirrus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.11. • https://patchstack.com/database/vulnerability/wp-cirrus/wordpress-wp-cirrus-plugin-0-6-11-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34182 – WordPress LH Password Changer Plugin <= 1.55 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34182
30 May 2023 — The LH Password Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.55. • https://patchstack.com/database/vulnerability/lh-password-changer/wordpress-lh-password-changer-plugin-1-55-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •