Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.8 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2732
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. T...
NA
CVE-2023-5799
The WP Hotel Booking WordPress plugin prior to 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them
Thimpress Wp Hotel Booking
NA
CVE-2023-5651
The WP Hotel Booking WordPress plugin prior to 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
Thimpress Wp Hotel Booking
NA
CVE-2023-5652
The WP Hotel Booking WordPress plugin prior to 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections
Thimpress Wp Hotel Booking
NA
CVE-2006-10001
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remo...
Pluginmirror Subscribe To Comments
NA
CVE-2023-0151
The uTubeVideo Gallery WordPress plugin prior to 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Utubevideo Gallery Project Utubevideo Gallery
NA
CVE-2022-4787
Themify Shortcodes WordPress plugin prior to 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Themify Shortcodes
NA
CVE-2022-4548
The Optimize images ALT Text & names for SEO using AI WordPress plugin prior to 2.0.8 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack.
Imageseo Optimize Images Alt Text \\(alt Tag\\) \\& Names For Seo Using Ai
NA
CVE-2022-34867
Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows malicious users to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8.
Wp Libre Form Project Wp Libre Form
4.3
CVSSv2
CVE-2022-0147
The Cookie Information | Free GDPR Consent Solution WordPress plugin prior to 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
Cookieinformation Wp-gdpr-compliance
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »