Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6799
The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated malicious users t...
7.5
CVSSv3
CVE-2024-0709
The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on ...
Coolplugins Cryptocurrency Widgets
9.8
CVSSv3
CVE-2022-40700
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP &nda...
Millionclues Admin Css Mu
Deano Amp Toolbox
Unihost Confirm Data
Agence-press Css Adder
Millionclues Custom Login Admin Front-end Css
Montonio Montonio For Woocommerce
Frumph Phpfreechat
Designmodo Qards
Paulclark Styles
Squidesma Theme Minifier
Longwatchstudio Woosupply
Longwatchstudio Woovip
Longwatchstudio Woovirtualwallet
Arcstone Amo For Wp - Membership Management
Wpopal Wpopal Core Features
5.4
CVSSv3
CVE-2023-7083
The Voting Record WordPress plugin up to and including 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make logged in admin add Stored XSS payloads via a CSRF attack
Davidjmiller Voting Record
5.4
CVSSv3
CVE-2023-7084
The Voting Record WordPress plugin up to and including 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks
Davidjmiller Voting Record
6.5
CVSSv3
CVE-2023-0824
The User registration & user profile WordPress plugin up to and including 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make logged-in admin add Stored XSS payloads via a CSRF attack.
Wpuserplus Userplus
9.8
CVSSv3
CVE-2023-29384
Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a up to and including 2.0.
Hmplugin Jobwp
4.8
CVSSv3
CVE-2023-5005
The Autocomplete Location field Contact Form 7 WordPress plugin prior to 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin prior to 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro...
Codesmade Autocomplete Location Field Contact Form 7
5.4
CVSSv3
CVE-2023-5362
The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attri...
Spicethemes Carousel\\, Recent Post Slider And Banner Slider
8.8
CVSSv3
CVE-2023-2229
The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
Wpspeedx Rduplicator
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »