Vulmon
wordpress wordpress 2.2.0 vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-29045
The food-and-drink-menu plugin up to and including 2.2.0 for WordPress allows remote malicious users to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.
Fivestarplugins Five Star Restaurant Menu
9.8
CVSSv3
CVE-2018-8710
A remote code execution issue exists in the WooCommerce Products Filter (aka WOOF) plugin prior to 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any aut...
Woocommerce-filter Woocommerce Products Filter
9.8
CVSSv3
CVE-2018-8711
A local file inclusion issue exists in the WooCommerce Products Filter (aka WOOF) plugin prior to 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allo...
Woocommerce-filter Woocommerce Products Filter
8.8
CVSSv3
CVE-2022-47174
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions.
Wordpress Performance Lab
7.5
CVSSv3
CVE-2016-10928
The onelogin-saml-sso plugin prior to 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.
Onelogin Onelogin Saml Sso
7.5
CVSSv3
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.9.10
Wp-rocket Wp-rocket 2.9.9
Wp-rocket Wp-rocket 2.9.8.1
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.8.17
Wp-rocket Wp-rocket 2.8.16
Wp-rocket Wp-rocket 2.8.15
Wp-rocket Wp-rocket 2.8.1
Wp-rocket Wp-rocket 2.8.0
Wp-rocket Wp-rocket 2.7.4
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.6.7
Wp-rocket Wp-rocket 2.6.6
Wp-rocket Wp-rocket 2.6.5
Wp-rocket Wp-rocket 2.6.4
Wp-rocket Wp-rocket 2.5.3
Wp-rocket Wp-rocket 2.5.2
Wp-rocket Wp-rocket 2.5.1
Wp-rocket Wp-rocket 2.5.0
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.3.0
7.2
CVSSv3
CVE-2023-2493
The All In One Redirection WordPress plugin prior to 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Vsourz All In One Redirection
7.2
CVSSv3
CVE-2022-3856
The Comic Book Management System WordPress plugin prior to 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Inksplat Comic Book Management System
6.5
CVSSv3
CVE-2022-1761
The Peter’s Collaboration E-mails WordPress plugin up to and including 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.
Peter's Collaboration E-mails Project Peter's Collaboration E-mails
6.1
CVSSv3
CVE-2023-3292
The grid-kit-premium WordPress plugin prior to 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Wpsofts Portfolio Gallery, Product Catalog - Grid Kit Portfolio