Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
wordpress wordpress 2.0.6 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-1068
Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging....
Mg12 Wp-recentcomments 2.0.4
Mg12 Wp-recentcomments 2.0.3
Mg12 Wp-recentcomments 2.0.6
Mg12 Wp-recentcomments 2.0.5
Mg12 Wp-recentcomments 1.8.1
Mg12 Wp-recentcomments 1.8
Mg12 Wp-recentcomments 2.0.2
Mg12 Wp-recentcomments 2.0.1
Mg12 Wp-recentcomments
Mg12 Wp-recentcomments 2.0
Mg12 Wp-recentcomments 1.8.2
4.3
CVSSv2
CVE-2014-3841
Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party...
Tech-banker Contact Bank 2.0.16
Tech-banker Contact Bank 2.0.14
Tech-banker Contact Bank 2.0.7
Tech-banker Contact Bank
Tech-banker Contact Bank 2.0.18
Tech-banker Contact Bank 2.0.4
Tech-banker Contact Bank 2.0.3
Tech-banker Contact Bank 2.0.2
Tech-banker Contact Bank 2.0.1
Tech-banker Contact Bank 2.0.12
Tech-banker Contact Bank 2.0.11
Tech-banker Contact Bank 2.0.10
Tech-banker Contact Bank 2.0.9
Tech-banker Contact Bank 2.0.17
Tech-banker Contact Bank 2.0.15
Tech-banker Contact Bank 2.0.13
Tech-banker Contact Bank 2.0.8
Tech-banker Contact Bank 2.0.6
Tech-banker Contact Bank 2.0.5
Tech-banker Contact Bank 2.0.0
6.8
CVSSv2
CVE-2018-21002
The js-support-ticket plugin before 2.0.6 for WordPress has CSRF....
4.3
CVSSv2
CVE-2016-10952
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter....
4.3
CVSSv2
CVE-2019-14327
A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings....
5
CVSSv2
CVE-2014-4942
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function....
6.8
CVSSv2
CVE-2007-0106
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly...
3.5
CVSSv2
CVE-2021-24266
The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method....
6.8
CVSSv2
CVE-2020-22275
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable....
6.8
CVSSv2
CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using...
1 EDB exploit available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-32471
CVE-2021-31167
CVE-2021-22204
command injection
CVE-2021-31204
cross-site scripting
CVE-2021-31912
encryption
CVE-2021-28465
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »
Vulmon