Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.3 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-36718
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated malicious users to inject a PHP Objec...
Ninjateam Gpdr Ccpa Compliance Support
9.8
CVSSv3
CVE-2021-44779
Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed.
\\[gwa\\] Autoresponder Project \\[gwa\\] Autoresponder
9.8
CVSSv3
CVE-2014-8621
SQL injection vulnerability in the Store Locator plugin 2.3 up to and including 3.11 for WordPress allows remote malicious users to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.
Store Locator Project Store Locator 2.3
Store Locator Project Store Locator 3.11
9.8
CVSSv3
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
9 EDB exploits
117 Github repositories
8.8
CVSSv3
CVE-2021-24755
The myCred WordPress plugin prior to 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Mycred Mycred
7.5
CVSSv3
CVE-2015-9406
Directory traversal vulnerability in the mTheme-Unus theme prior to 2.3 for WordPress allows an malicious user to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
Mtheme-unus Project Mtheme-unus
7.5
CVSSv3
CVE-2018-5287
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
Gd Rating System Project Gd Rating System 2.3
7.5
CVSSv3
CVE-2018-5290
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
Gd Rating System Project Gd Rating System 2.3
7.5
CVSSv3
CVE-2018-5291
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
Gd Rating System Project Gd Rating System 2.3
7.5
CVSSv3
CVE-2018-5289
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
Gd Rating System Project Gd Rating System 2.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »