CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48279 – WordPress Seraphinite Post .DOCX Source Plugin <= 2.16.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48279
23 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Seraphinite Solutions Seraphinite Post .DOCX Source permite la Cross-Site Request Forgery. Este problema afecta a Seraphinite Post .DOCX Source: desde n/a hasta 2.16.6. The Seraphinite Post .DOCX Source plugin for WordPress is vulnerable to Cros... • https://patchstack.com/database/vulnerability/seraphinite-post-docx-source/wordpress-seraphinite-post-docx-source-plugin-2-16-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5609 – Seraphinite Accelerator < 2.20.29 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-5609
27 Oct 2023 — The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin El complemento Seraphinite Accelerator de WordPress anterior a 2.2.29 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera un ataque de Cross-Site Scripting reflejado que podría usarse contra usuarios con privilegios elevados, como admin... • https://wpscan.com/vulnerability/aac4bcc8-b826-4165-aed3-f422dd178692 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5610 – Seraphinite Accelerator < 2.20.29 - Authenticated Arbitrary Redirect
https://notcve.org/view.php?id=CVE-2023-5610
27 Oct 2023 — The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect El complemento Seraphinite Accelerator de WordPress anterior a 2.2.29 no valida la URL para redirigir a cualquier usuario autenticado, lo que genera una redirección arbitraria. The Seraphinite Accelerator plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.20.28. This is due to insufficient validation on the redir... • https://wpscan.com/vulnerability/e880a9fb-b089-4f98-9781-7d946f22777e • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •