Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2024-3820
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient...
10
CVSSv3
CVE-2020-35489
The contact-form-7 (aka Contact Form 7) plugin prior to 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
Rocklobster Contact Form 7
5 Github repositories
10
CVSSv3
CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 up to and including 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Gvectors Wpdiscuz
7 Github repositories
10
CVSSv3
CVE-2019-16932
A blind SSRF vulnerability exists in the Visualizer plugin prior to 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
Themeisle Visualizer
10
CVSSv3
CVE-2016-10926
The nelio-ab-testing plugin prior to 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
Neliosoftware Nelio Ab Testing
10
CVSSv3
CVE-2016-10927
The nelio-ab-testing plugin prior to 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
Neliosoftware Nelio Ab Testing
9.9
CVSSv3
CVE-2024-3549
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient...
9.9
CVSSv3
CVE-2024-3592
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter...
9.9
CVSSv3
CVE-2024-3200
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
9.9
CVSSv3
CVE-2024-3342
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied paramete...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »