Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.6.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-36719
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions prior to 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible fo...
Cridio Listingpro
6.1
CVSSv3
CVE-2016-10880
The google-document-embedder plugin prior to 2.6.1 for WordPress has XSS.
Google Doc Embedder Project Google Doc Embedder
6.1
CVSSv3
CVE-2014-8087
Cross-site scripting (XSS) vulnerability in the post highlights plugin prior to 2.6.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php.
Post Highlights Projects Post Highlights
5.4
CVSSv3
CVE-2023-0095
The Page View Count WordPress plugin prior to 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
A3rev Page View Count
5.4
CVSSv3
CVE-2022-0765
The Loco Translate WordPress plugin prior to 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by d...
Loco Translate Project Loco Translate
5.3
CVSSv3
CVE-2020-36723
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions prior to 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated malicious users to extract sensitive data includin...
Cridio Listingpro
NA
CVE-2024-1502
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authent...
NA
CVE-2024-1503
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erase_tutor_data() function. This makes it possible...
NA
CVE-2024-1751
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient p...
NA
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 2.6.91
Wpdownloadmanager Wordpress Download Manager 2.6.9
Wpdownloadmanager Wordpress Download Manager 2.6.2
Wpdownloadmanager Wordpress Download Manager 2.6.1
Wpdownloadmanager Wordpress Download Manager 2.5.93
Wpdownloadmanager Wordpress Download Manager 2.5.92
Wpdownloadmanager Wordpress Download Manager 2.5.4
Wpdownloadmanager Wordpress Download Manager 2.5.3
Wpdownloadmanager Wordpress Download Manager 2.4.6
Wpdownloadmanager Wordpress Download Manager 2.4.5
Wpdownloadmanager Wordpress Download Manager 2.3.7
Wpdownloadmanager Wordpress Download Manager 2.3.6
Wpdownloadmanager Wordpress Download Manager 2.2.9
Wpdownloadmanager Wordpress Download Manager 2.2.8
Wpdownloadmanager Wordpress Download Manager 2.2.1
Wpdownloadmanager Wordpress Download Manager 2.2.0
Wpdownloadmanager Wordpress Download Manager 2.1.3
Wpdownloadmanager Wordpress Download Manager 2.0.16
Wpdownloadmanager Wordpress Download Manager 2.0.15
Wpdownloadmanager Wordpress Download Manager 2.0.8
Wpdownloadmanager Wordpress Download Manager 2.0.7
Wpdownloadmanager Wordpress Download Manager 1.5.33
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »