CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41854 – WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41854
05 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Softaculous Ltd. WpCentral en versiones <= 1.5.7. The wpCentral plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. • https://patchstack.com/database/vulnerability/wp-central/wordpress-wpcentral-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 21%CPEs: 1EXPL: 1CVE-2020-9043 – wpCentral <= 1.5.0 - Improper Access Control to Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-9043
17 Feb 2020 — The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. El plugin wpCentral versiones anteriores a 1.5.1 para WordPress, permite una divulgación de la clave de conexión. The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key which makes it possible for an unauthenticated user to log-in to a vulnerable site as an administrator. • https://plugins.trac.wordpress.org/changeset?&old=2244363%40wp-central&new=2244363%40wp-central • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-269: Improper Privilege Management •