wordpress wordpress 0.6.2 vulnerabilities and exploits
4.8
CVSSv3
CVE-2022-4954
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with ...
Plugin Waiting
4.3
CVSSv3
CVE-2023-3999
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above...
Plugin Waiting
4.3
CVSSv3
CVE-2023-4000
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated malicious users to crea...
Plugin Waiting
5.4
CVSSv3
CVE-2023-2757
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization...
Plugin Waiting
8.8
CVSSv3
CVE-2023-28659
The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action.
Plugin Waiting
8.8
CVSSv3
CVE-2019-12934
An issue exists in the wp-code-highlightjs plugin up to and including 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
Wp-code-highlightjs Project Wp-code-highlightjs
NA
CVE-2012-1834
Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin prior to 0.8.9 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-gener...
Cms Tree Page View Project Cms Tree Page View 0.8.3
Cms Tree Page View Project Cms Tree Page View 0.8.2
Cms Tree Page View Project Cms Tree Page View 0.7.16
Cms Tree Page View Project Cms Tree Page View 0.7.15
Cms Tree Page View Project Cms Tree Page View 0.7.8
Cms Tree Page View Project Cms Tree Page View 0.7.7
Cms Tree Page View Project Cms Tree Page View 0.6.3
Cms Tree Page View Project Cms Tree Page View 0.6.2
Cms Tree Page View Project Cms Tree Page View 0.5.3
Cms Tree Page View Project Cms Tree Page View 0.5.2
Cms Tree Page View Project Cms Tree Page View 0.4.5
Cms Tree Page View Project Cms Tree Page View 0.4.4
Cms Tree Page View Project Cms Tree Page View 0.1a
Cms Tree Page View Project Cms Tree Page View 0.8.1
Cms Tree Page View Project Cms Tree Page View 0.8
Cms Tree Page View Project Cms Tree Page View 0.7.14
Cms Tree Page View Project Cms Tree Page View 0.7.13
Cms Tree Page View Project Cms Tree Page View 0.7.6
Cms Tree Page View Project Cms Tree Page View 0.7.5
Cms Tree Page View Project Cms Tree Page View 0.6.1
Cms Tree Page View Project Cms Tree Page View 0.6
Cms Tree Page View Project Cms Tree Page View 0.5.1
NA
CVE-2011-5254
Unspecified vulnerability in the Connections plugin prior to 0.7.1.6 for WordPress has unknown impact and attack vectors.
Connections Project Connections 0.7.1.4
Connections Project Connections 0.7.0.1
Connections Project Connections 0.6.2.1
Connections Project Connections 0.5.1
Connections Project Connections 0.4.0
Connections Project Connections 0.2.10
Connections Project Connections 0.2.8
Connections Project Connections 0.7.1.3
Connections Project Connections 0.7.1.2
Connections Project Connections 0.7.1.1
Connections Project Connections 0.7.0.4
Connections Project Connections 0.7.0.3
Connections Project Connections 0.3.2
Connections Project Connections 0.2.24
Connections Project Connections 0.2.23
Connections Project Connections 0.2.22
Connections Project Connections 0.6.2
Connections Project Connections 0.6.1
Connections Project Connections 0.5.48
Connections Project Connections 0.5.47
Connections Project Connections 0.2.4
Connections Project Connections 0.2.3
NA
CVE-2012-2916
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin prior to 2.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.
Dlo Simple Anti Bot Registration Engine Plugin 0.8.0
Dlo Simple Anti Bot Registration Engine Plugin 0.7.4
Dlo Simple Anti Bot Registration Engine Plugin 0.6.0
Dlo Simple Anti Bot Registration Engine Plugin 0.4.2
Dlo Simple Anti Bot Registration Engine Plugin 1.1.1
Dlo Simple Anti Bot Registration Engine Plugin 1.1.0
Dlo Simple Anti Bot Registration Engine Plugin 0.7.1
Dlo Simple Anti Bot Registration Engine Plugin 0.7.0
Dlo Simple Anti Bot Registration Engine Plugin 0.2.2
Dlo Simple Anti Bot Registration Engine Plugin 0.2.1
Dlo Simple Anti Bot Registration Engine Plugin 1.0.0
Dlo Simple Anti Bot Registration Engine Plugin 0.9.0
Dlo Simple Anti Bot Registration Engine Plugin 0.6.3
Dlo Simple Anti Bot Registration Engine Plugin 0.6.2
Dlo Simple Anti Bot Registration Engine Plugin 0.6.1
Dlo Simple Anti Bot Registration Engine Plugin 0.1.1
Dlo Simple Anti Bot Registration Engine Plugin
Dlo Simple Anti Bot Registration Engine Plugin 1.1.2
Dlo Simple Anti Bot Registration Engine Plugin 0.7.3
Dlo Simple Anti Bot Registration Engine Plugin 0.7.2
Dlo Simple Anti Bot Registration Engine Plugin 0.4.1
Dlo Simple Anti Bot Registration Engine Plugin 0.4.0
NA
CVE-2011-3853
Cross-site scripting (XSS) vulnerability in the Hybrid theme prior to 0.10 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the cpage parameter.
Themehybrid Hybrid
Themehybrid Hybrid 0.3
Themehybrid Hybrid 0.4
Themehybrid Hybrid 0.5
Themehybrid Hybrid 0.5.1
Themehybrid Hybrid 0.5.2
Themehybrid Hybrid 0.6
Themehybrid Hybrid 0.6.1
Themehybrid Hybrid 0.6.2
Themehybrid Hybrid 0.7
Themehybrid Hybrid 0.7.1
Themehybrid Hybrid 0.8