CVE-2022-47139
Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <=Â 5.2.15 versions.
Source: CVE-2022-47139
[월:] 2023년 05월
CVE-2022-47138
CVE-2022-47138
Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <=Â 2.1 versions.
Source: CVE-2022-47138
CVE-2022-46800
CVE-2022-46800
Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <=Â 5.3 versions.
Source: CVE-2022-46800
CVE-2022-46812
CVE-2022-46812
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.
Source: CVE-2022-46812
CVE-2022-47135
CVE-2022-47135
Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <=Â 7.0.9 versions.
Source: CVE-2022-47135
CVE-2022-41635
CVE-2022-41635
Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Shipment Tracking for WooCommerce plugin <=Â 3.5.2 versions.
Source: CVE-2022-41635
CVE-2023-1588
CVE-2023-1588
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Source: CVE-2023-1588
CVE-2022-46907
CVE-2022-46907
A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.
Source: CVE-2022-46907
CVE-2023-2732
CVE-2023-2732
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
Source: CVE-2023-2732
CVE-2023-2734
CVE-2023-2734
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
Source: CVE-2023-2734