Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6592
The FastDup WordPress plugin prior to 2.2 does not prevent directory listing in sensitive directories containing export files.
Ninjateam Fastdup
NA
CVE-2023-6046
The EventON WordPress plugin prior to 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.
Myeventon Eventon
NA
CVE-2023-49750
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a pri...
Spoonthemes Couponis
NA
CVE-2023-4922
The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to a local file inclusion via the `path` parameter.
Wpb Show Core Project Wpb Show Core
NA
CVE-2023-5974
The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
Wpb Show Core Project Wpb Show Core
NA
CVE-2023-5708
The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Wp Post Columns Project Wp Post Columns
NA
CVE-2023-4388
The EventON WordPress plugin prior to 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Myeventon Eventon
NA
CVE-2023-4315
The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inje...
Wp3sixty Woo Custom Emails
NA
CVE-2023-23734
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions.
Userlike Userlike
NA
CVE-2022-4198
The WP Social Sharing WordPress plugin up to and including 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exampl...
Wp Social Sharing Project Wp Social Sharing
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »