CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49159 – WordPress CommentLuv Plugin <= 3.0.4 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-49159
Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Elegant Digital Solutions CommentLuv. Este problema afecta a CommentLuv: desde n/a hasta 3.0.4. The CommentLuv plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.4 via the do_click function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/commentluv/wordpress-commentluv-plugin-3-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40210 – WordPress SB Child List Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40210
Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Sean Barton (Tortoise IT) SB Child List en versiones <= 4.5. The SB Child List plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5. This is due to missing or incorrect nonce validation on the 'sb_cl_update_settings' function. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request granted they can trick a site author or above into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/sb-child-list/wordpress-sb-child-list-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3133 – Elementor Contact Form DB <= 1.5 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2021-3133
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. El plugin Elementor Contact Form DB versiones anteriores a 1.6 para WordPress, permite un ataque de tipo CSRF por medio de las páginas de administración del backend • https://advisory.checkmarx.net/advisory/CX-2020-4293 https://plugins.trac.wordpress.org/changeset/2454670 https://wordpress.org/plugins/sb-elementor-contact-form-db/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14148
https://notcve.org/view.php?id=CVE-2020-14148
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. La implementación del protocolo Server-Server en ngIRCd versiones anteriores a 26~rc2, permite un acceso fuera de límites, como es demostrado por la función IRC_NJOIN() • https://github.com/ngircd/ngircd/issues/274 https://github.com/ngircd/ngircd/issues/277 https://github.com/ngircd/ngircd/pull/275 https://github.com/ngircd/ngircd/pull/276 https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2 https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 2%CPEs: 6EXPL: 0CVE-2013-5580
https://notcve.org/view.php?id=CVE-2013-5580
The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client. Las funciones (1) Conn_StartLogin y (2) cb_Read_Resolver_Result en conn.c de ngIRCd 18 hasta 20.2, cuando la opción de configuración NoticeAuth es activada, no maneja apropiadamente el código de retorno para la función HandleWrite, lo que permite a atacantes remotos causar una denegación de servicio (fallo de aserción y caída del servidor) a través de vectores no especificados, relacionado con un mensaje "notice auth" que no es enviado al nuevo cliente. • http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=309122017ebc6fff039a7cab1b82f632853d82d5 http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html http://freecode.com/projects/ngircd/releases/357245 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.html http://osvdb.org/96590 http://secunia.com/advisories/54567 • CWE-20: Improper Input Validation •