Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
patreon patreon wordpress vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-20984
The patreon-connect plugin prior to 1.2.2 for WordPress has Object Injection.
Patreon Patreon Wordpress
8.8
CVSSv3
CVE-2023-41129
Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a up to and including 1.8.6.
Patreon Patreon Wordpress
5.5
CVSSv3
CVE-2021-25026
The Patreon WordPress plugin prior to 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Patreon Patreon Wordpress
6.5
CVSSv3
CVE-2021-24231
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin prior to 1.7.0, allowing malicious users to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.
9.6
CVSSv3
CVE-2021-24228
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin prior to 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. U...
9.6
CVSSv3
CVE-2021-24229
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin prior to 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachme...
7.5
CVSSv3
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin prior to 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains dat...
8.1
CVSSv3
CVE-2021-24230
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin prior to 1.7.0, allowing malicious users to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started