Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-30532
Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.This issue affects Builderall Builder for WordPress: from n/a up to and including 2.0.1.
5.4
CVSSv3
CVE-2023-45829
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress plugin <= 2.0.1 versions.
Happybox Newsletter \\& Bulk Email Sender
6.1
CVSSv3
CVE-2023-2605
The wpbrutalai WordPress plugin prior to 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.
Wp Brutal Ai Project Wp Brutal Ai
4.8
CVSSv3
CVE-2023-1090
The SMTP Mailing Queue WordPress plugin prior to 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mul...
Smtp Mailing Queue Project Smtp Mailing Queue
6.1
CVSSv3
CVE-2012-10014
A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_lo...
Kau-boys Backend Localization
6.5
CVSSv3
CVE-2023-0889
Themeflection Numbers WordPress plugin prior to 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrar...
Metagauss Themeflection Numbers
8.8
CVSSv3
CVE-2022-45066
Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress.
Thriveweb Wooswipe Woocommerce Gallery
5.4
CVSSv3
CVE-2022-36383
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress.
Webhelpagency Wha Wordsearch
4.8
CVSSv3
CVE-2022-37335
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at WordPress.
Webhelpagency Word Search Puzzles
8.8
CVSSv3
CVE-2022-37405
Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.
Better Font Awesome Project Better Font Awesome
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »