Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ramuel gall vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-4709
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4705
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to...
Royal-elementor-addons Royal Elementor Addons
8.8
CVSSv3
CVE-2022-24664
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.
Php Everywhere Project Php Everywhere
6.1
CVSSv3
CVE-2022-28221
The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php`
Cleantalk Antispam
4.3
CVSSv3
CVE-2023-1910
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers wit...
Motopress Getwid - Gutenberg Blocks
6.1
CVSSv3
CVE-2023-0992
The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated malicious users to inject arbitrary web scripts in pages that will exe...
Getshieldsecurity Shield Security
6.1
CVSSv3
CVE-2022-28222
The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`
Cleantalk Antispam
6.1
CVSSv3
CVE-2022-0710
The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter.
Draftpress Header Footer Code Manager
8.8
CVSSv3
CVE-2022-24663
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.
Php Everywhere Project Php Everywhere
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »
Vulmon