Vulmon
wordpress wordpress 2.5.1 vulnerabilities and exploits
NA
CVE-2024-0672
The Pz-LinkCard WordPress plugin up to and including 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
NA
CVE-2024-0673
The Pz-LinkCard WordPress plugin up to and including 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
NA
CVE-2024-0677
The Pz-LinkCard WordPress plugin up to and including 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
NA
CVE-2023-5006
The WP Discord Invite WordPress plugin prior to 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated malicious user to perform actions on their behalf by tricking a logged in administrator to submit a crafted request.
Sarveshmrao Wp Discord Invite
NA
CVE-2020-36742
The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated malicious users t...
Wpgogo Custom Field Template
NA
CVE-2019-25145
The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it p...
Wpforms Contact Form
NA
CVE-2022-4022
The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and doe...
Benbodhi Svg Support
6.8
CVSSv2
CVE-2022-0679
The Narnoo Distributor WordPress plugin up to and including 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) whic...
Narnoo Distributor Project Narnoo Distributor
6.5
CVSSv2
CVE-2022-0255
The Database Backup for WordPress plugin prior to 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue
Deliciousbrains Database Backup
4.3
CVSSv2
CVE-2021-25063
The Skins for Contact Form 7 WordPress plugin prior to 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Cf7skins Contact Form 7 Skins