CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34171 – WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34171
31 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Alex Raven WP Report Post en versiones <= 2.1.2. The WP Report Post plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a f... • https://patchstack.com/database/vulnerability/wp-report-post/wordpress-wp-report-post-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34168 – WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-34168
30 May 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en Alex Raven WP Report Post permite la inyección SQL. Este problema afecta a WP Report Post: desde n/a hasta 2.1.2. The WP Report Post plugin for WordPress is vulnerable to SQL Injecti... • https://patchstack.com/database/vulnerability/wp-report-post/wordpress-wp-report-post-plugin-2-1-2-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •