Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
taurus omar vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2022-1001
The WP Downgrade WordPress plugin prior to 1.2.3 only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfi...
Wp Downgrade Project Wp Downgrade
6.1
CVSSv3
CVE-2023-1893
The Login Configurator WordPress plugin up to and including 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
Login Configurator Project Login Configurator
9.8
CVSSv3
CVE-2023-2601
The wpbrutalai WordPress plugin prior to 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.
Wp Brutal Ai Project Wp Brutal Ai
4.8
CVSSv3
CVE-2023-2606
The WP Brutal AI WordPress plugin prior to 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite ...
Brutalplugins Wp Brutal Ai
4.8
CVSSv3
CVE-2023-2029
The PrePost SEO WordPress plugin up to and including 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite s...
Enzipe Prepost Seo
4.8
CVSSv3
CVE-2023-2225
The SEO ALert WordPress plugin up to and including 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mu...
Pottie Seo Alert
4.8
CVSSv3
CVE-2023-2223
The Login rebuilder WordPress plugin prior to 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multis...
12net Login Rebuilder
4.8
CVSSv3
CVE-2023-2224
The SEO by 10Web WordPress plugin prior to 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
10web Seo
6.1
CVSSv3
CVE-2023-2605
The wpbrutalai WordPress plugin prior to 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.
Wp Brutal Ai Project Wp Brutal Ai
6.1
CVSSv3
CVE-2023-1890
The Tablesome WordPress plugin prior to 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting
Pauple Tablesome
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »