Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2020-35489
The contact-form-7 (aka Contact Form 7) plugin prior to 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
Rocklobster Contact Form 7
5 Github repositories
10
CVSSv3
CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 up to and including 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Gvectors Wpdiscuz
7 Github repositories
10
CVSSv3
CVE-2019-16932
A blind SSRF vulnerability exists in the Visualizer plugin prior to 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
Themeisle Visualizer
10
CVSSv3
CVE-2016-10926
The nelio-ab-testing plugin prior to 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
Neliosoftware Nelio Ab Testing
10
CVSSv3
CVE-2016-10927
The nelio-ab-testing plugin prior to 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
Neliosoftware Nelio Ab Testing
9.9
CVSSv3
CVE-2024-3342
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied paramete...
9.9
CVSSv3
CVE-2023-3342
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticate...
Wpeverest User Registration
9.9
CVSSv3
CVE-2020-35951
An issue exists in the Quiz and Survey Master plugin prior to 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an malicious user to reinstall with a WordPress instance under their cont...
Expresstech Quiz And Survey Master
9.9
CVSSv3
CVE-2020-13126
An issue exists in the Elementor Pro plugin prior to 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor...
Elementor Elementor Page Builder
9.8
CVSSv3
CVE-2024-4544
The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »