Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24499
The Workreap WordPress theme prior to 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the ...
Amentotech Workreap
3 Github repositories
8.1
CVSSv3
CVE-2021-24501
The Workreap WordPress theme prior to 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to othe...
Amentotech Workreap
8.1
CVSSv3
CVE-2021-24500
Several AJAX actions available in the Workreap WordPress theme prior to 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an malicious user to trick a logged in user to submit a POST request to the vulnerable...
Amentotech Workreap
7.5
CVSSv3
CVE-2021-39312
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
Trueranker True Ranker
7.5
CVSSv3
CVE-2018-10363
An issue exists in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote malicious users to manipulate the values to change data such as prices.
Wpdevart Booking Calendar 2.2.2
7.5
CVSSv3
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.9.10
Wp-rocket Wp-rocket 2.9.9
Wp-rocket Wp-rocket 2.9.8.1
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.8.17
Wp-rocket Wp-rocket 2.8.16
Wp-rocket Wp-rocket 2.8.15
Wp-rocket Wp-rocket 2.8.1
Wp-rocket Wp-rocket 2.8.0
Wp-rocket Wp-rocket 2.7.4
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.6.7
Wp-rocket Wp-rocket 2.6.6
Wp-rocket Wp-rocket 2.6.5
Wp-rocket Wp-rocket 2.6.4
Wp-rocket Wp-rocket 2.5.3
Wp-rocket Wp-rocket 2.5.2
Wp-rocket Wp-rocket 2.5.1
Wp-rocket Wp-rocket 2.5.0
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.3.0
6.1
CVSSv3
CVE-2023-4635
The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inj...
Myeventon Eventon-lite
6.1
CVSSv3
CVE-2023-2362
The Float menu WordPress plugin prior to 5.0.2, Bubble Menu WordPress plugin prior to 3.0.4, Button Generator WordPress plugin prior to 2.3.5, Calculator Builder WordPress plugin prior to 1.5.1, Counter Box WordPress plugin prior to 1.2.2, Floating Button WordPress plugin prior t...
Wow-company Button Generator
Wow-company Bubble Menu
Wow-company Float Menu
Wow-company Wp Coder
Wow-company Wow Skype Buttons
Wow-company Sticky Buttons
Wow-company Side Menu Lite
Wow-company Herd Effects
Wow-company Floating Button
Wow-company Counter Box
Wow-company Calculator-builder
Wow-company Popup Box
5.4
CVSSv3
CVE-2023-28665
The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.
Technocrackers Bulk Price Update For Woocommerce
5.4
CVSSv3
CVE-2023-28666
The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.
Pluginus Inpost Gallery
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »