Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.9 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-7517
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin prior to 2.0.9 for WordPress allow remote malicious users to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes...
Labwebdesigns Double Opt-in For Download
8.8
CVSSv3
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscri...
8.8
CVSSv3
CVE-2022-40192
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
Gvectors Wpforo Forum
8.8
CVSSv3
CVE-2022-40200
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
Gvectors Wpforo Forum
8.8
CVSSv3
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.p...
Accesspressthemes Access Demo Importer
Accesspressthemes Eightstore-lite
Accesspressthemes Enlighten
Accesspressthemes Fotography
Accesspressthemes Opstore
Accesspressthemes Parallaxsome
Accesspressthemes Punte
Accesspressthemes Revolve
Accesspressthemes Ripple
Accesspressthemes Sakala
Accesspressthemes Scrollme
Accesspressthemes Storevilla
Accesspressthemes Swing-lite
Accesspressthemes The100
Accesspressthemes Accesspress-lite
Accesspressthemes The-launcher
Accesspressthemes The-monday
Accesspressthemes Ultra-seven
Accesspressthemes Uncode-lite
Accesspressthemes Vmag
Accesspressthemes Vmagazine-lite
Accesspressthemes Vmagazine-news
8.8
CVSSv3
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 2.0.2
Wpeasycart Wp Easycart 2.0.3
Wpeasycart Wp Easycart 2.0.4
Wpeasycart Wp Easycart 2.0.5
Wpeasycart Wp Easycart 2.0.20
Wpeasycart Wp Easycart 2.0.21
Wpeasycart Wp Easycart 2.0.22
Wpeasycart Wp Easycart 2.1.0
Wpeasycart Wp Easycart 2.1.13
Wpeasycart Wp Easycart 2.1.14
Wpeasycart Wp Easycart 2.1.15
Wpeasycart Wp Easycart 2.1.16
Wpeasycart Wp Easycart 2.1.17
Wpeasycart Wp Easycart 2.1.30
Wpeasycart Wp Easycart 2.1.31
Wpeasycart Wp Easycart 2.1.32
Wpeasycart Wp Easycart 2.1.33
Wpeasycart Wp Easycart 3.0.12
7.2
CVSSv3
CVE-2023-0487
The My Sticky Elements WordPress plugin prior to 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin
Premio My Sticky Elements
6.5
CVSSv3
CVE-2023-1624
The WPCode WordPress plugin prior to 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow malicious users to make users with the wpcode_activate_snippets capability delete arbitrary log files on...
Wpcode Wpcode
6.4
CVSSv3
CVE-2024-4567
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
5.4
CVSSv3
CVE-2023-0526
The Post Shortcode WordPress plugin up to and including 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross...
Post Shortcode Project Post Shortcode
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »