Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2304
The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. ...
NA
CVE-2024-1234
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6 Github repositories
5.4
CVSSv3
CVE-2023-5467
The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers w...
Geomywp Geo My Wordpress
6.1
CVSSv3
CVE-2023-3139
The Protect WP Admin WordPress plugin prior to 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
Wp-experts Protect Wp Admin
6.1
CVSSv3
CVE-2023-1596
The tagDiv Composer WordPress plugin prior to 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Tagdiv Composer
5.4
CVSSv3
CVE-2022-4458
The amr shortcode any widget WordPress plugin up to and including 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks wh...
Amr Shortcode Any Widget Project Amr Shortcode Any Widget
4.8
CVSSv3
CVE-2022-3835
The Kwayy HTML Sitemap WordPress plugin prior to 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi...
Kwayyinfotech Kwayy Html Sitemap
6.1
CVSSv3
CVE-2022-29430
Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.
Png To Jpg Project Png To Jpg
6.5
CVSSv3
CVE-2021-24872
The Get Custom Field Values WordPress plugin prior to 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.
Get Custom Field Values Project Get Custom Field Values
6.1
CVSSv3
CVE-2021-24335
The Car Repair Services & Auto Mechanic WordPress theme prior to 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
Smartdatasoft Car Repair Services \\& Auto Mechanic
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »