Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.3.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-45370
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a up to and including 2.3.1.
Webtoffee Wordpress Comments Import And Export
9.8
CVSSv3
CVE-2022-4099
The Joy Of Text Lite WordPress plugin prior to 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection
Getcloudsms Joy Of Text Lite
9.8
CVSSv3
CVE-2021-25032
The PublishPress Capabilities WordPress plugin prior to 2.3.1, PublishPress Capabilities Pro WordPress plugin prior to 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated ...
Publishpress Capabilities
1 Github repository
9.8
CVSSv3
CVE-2007-6013
Wordpress 1.5 up to and including 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows malicious users to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Wordpress Wordpress
Fedoraproject Fedora 8
Fedoraproject Fedora 7
8.8
CVSSv3
CVE-2022-3776
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions s...
Oracle Restaurant Menu - Food Ordering System - Table Reservation
7.5
CVSSv3
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.9.10
Wp-rocket Wp-rocket 2.9.9
Wp-rocket Wp-rocket 2.9.8.1
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.8.17
Wp-rocket Wp-rocket 2.8.16
Wp-rocket Wp-rocket 2.8.15
Wp-rocket Wp-rocket 2.8.1
Wp-rocket Wp-rocket 2.8.0
Wp-rocket Wp-rocket 2.7.4
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.6.7
Wp-rocket Wp-rocket 2.6.6
Wp-rocket Wp-rocket 2.6.5
Wp-rocket Wp-rocket 2.6.4
Wp-rocket Wp-rocket 2.5.3
Wp-rocket Wp-rocket 2.5.2
Wp-rocket Wp-rocket 2.5.1
Wp-rocket Wp-rocket 2.5.0
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.3.0
6.5
CVSSv3
CVE-2016-10959
The estatik plugin prior to 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
Estatik Estatik
6.1
CVSSv3
CVE-2020-36731
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettin...
Wpdesk Flexible Checkout Fields For Woocommerce
6.1
CVSSv3
CVE-2022-1951
The core plugin for kitestudio WordPress plugin prior to 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leadi...
Kitestudio Core Plugin For Kitestudio Themes
6.1
CVSSv3
CVE-2022-1167
There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme prior to 2.3.1, via the filter parameters.
Apusthemes Careerup
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »