CVE-2023-31075 – WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31075
09 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login. This issue affects Easy Hide Login: from n/a through 1.0.8. The Easy Hide Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the wp_hide_login_plugin_options function. • https://patchstack.com/database/vulnerability/easy-hide-login/wordpress-easy-hide-login-plugin-1-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-32505 – WordPress Easy Hide Login Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32505
09 May 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions. The Easy Hide Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injec... • https://patchstack.com/database/vulnerability/easy-hide-login/wordpress-easy-hide-login-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4303 – WP Limit Login Attempts <= 2.6.4 - IP Spoofing
https://notcve.org/view.php?id=CVE-2022-4303
27 Dec 2022 — The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms. The WP Limit Login Attempt... • https://wpscan.com/vulnerability/8428a5e1-dbef-4516-983f-f95605c6dd09 • CWE-290: Authentication Bypass by Spoofing • CWE-348: Use of Less Trusted Source
CVE-2022-3634 – Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
https://notcve.org/view.php?id=CVE-2022-3634
27 Oct 2022 — The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection. The Contact Form 7 Database Addon plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.2.6.3. This allows attackers to em... • https://wpscan.com/vulnerability/b5eeefb0-fb5e-4ca6-a6f0-67f4be4a2b10 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2021-36885 – WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36885
12 Nov 2021 — Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1). • https://patchstack.com/database/vulnerability/contact-form-cfdb7/wordpress-contact-form-7-database-addon-cfdb7-plugin-1-2-6-1-unauthenticated-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36886 – WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2021-36886
12 Nov 2021 — Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). • https://patchstack.com/database/vulnerability/contact-form-cfdb7/wordpress-contact-form-7-database-addon-cfdb7-plugin-1-2-5-9-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24144 – Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection
https://notcve.org/view.php?id=CVE-2021-24144
25 Jan 2021 — Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. • https://wpscan.com/vulnerability/143cdaff-c536-4ff9-8d64-c617511ddd48 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2015-6829 – WP Limit Login Attempts < 2.0.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-6829
05 Sep 2015 — Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header. • http://www.openwall.com/lists/oss-security/2015/09/05/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')