Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3726
The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attri...
NA
CVE-2023-6799
The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated malicious users t...
NA
CVE-2024-0709
The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on ...
Coolplugins Cryptocurrency Widgets
NA
CVE-2022-40700
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP &nda...
Millionclues Admin Css Mu
Deano Amp Toolbox
Unihost Confirm Data
Agence-press Css Adder
Millionclues Custom Login Admin Front-end Css
Montonio Montonio For Woocommerce
Frumph Phpfreechat
Designmodo Qards
Paulclark Styles
Squidesma Theme Minifier
Longwatchstudio Woosupply
Longwatchstudio Woovip
Longwatchstudio Woovirtualwallet
Arcstone Amo For Wp - Membership Management
Wpopal Wpopal Core Features
NA
CVE-2023-7083
The Voting Record WordPress plugin up to and including 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make logged in admin add Stored XSS payloads via a CSRF attack
Davidjmiller Voting Record
NA
CVE-2023-7084
The Voting Record WordPress plugin up to and including 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks
Davidjmiller Voting Record
NA
CVE-2023-0824
The User registration & user profile WordPress plugin up to and including 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make logged-in admin add Stored XSS payloads via a CSRF attack.
Wpuserplus Userplus
NA
CVE-2023-29384
Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a up to and including 2.0.
Hmplugin Jobwp
NA
CVE-2023-5005
The Autocomplete Location field Contact Form 7 WordPress plugin prior to 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin prior to 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro...
Codesmade Autocomplete Location Field Contact Form 7
NA
CVE-2023-5362
The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attri...
Spicethemes Carousel\\, Recent Post Slider And Banner Slider
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »