Vulmon
ron jost vulnerabilities and exploits
7.2
CVSSv3
CVE-2021-24155
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin prior to 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
Backup-guard Backup Guard
7.2
CVSSv3
CVE-2021-24786
The Download Monitor WordPress plugin prior to 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue
Wpchill Download Monitor
9.8
CVSSv3
CVE-2021-24946
The Modern Events Calendar Lite WordPress plugin prior to 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue
Webnus Modern Events Calendar Lite
9.8
CVSSv3
CVE-2015-9323
The 404-to-301 plugin prior to 2.0.3 for WordPress has SQL injection.
Duckdev 404 To 301
8.8
CVSSv3
CVE-2017-18048
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
Monstra Monstra 3.0.4
8.8
CVSSv3
CVE-2017-14535
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
6.5
CVSSv3
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
9.1
CVSSv3
CVE-2018-15152
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR prior to 5.0.1.4 allows a remote malicious user to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php...
Open-emr Openemr
8.8
CVSSv3
CVE-2017-9380
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
Open-emr Openemr
8.8
CVSSv3
CVE-2020-35948
An issue exists in the XCloner Backup and Restore plugin prior to 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow a malicious user to achieve remote code execution. The xcloner_restore.php wri...
Xcloner Xcloner