Vulmon
wordpress wordpress 2.0.7 vulnerabilities and exploits
7.5
CVSSv3
CVE-2024-3812
The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above...
6.4
CVSSv3
CVE-2024-3588
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
NA
CVE-2024-1812
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated malicious users to make web requests to arbitrary locations originati...
4.3
CVSSv3
CVE-2021-4418
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated malicious users to save c...
Wpfactory Custom Css, Js & Php
4.3
CVSSv3
CVE-2023-0328
The WPCode WordPress plugin prior to 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such ...
Wpcode Wpcode
5.4
CVSSv3
CVE-2006-10001
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remo...
Pluginmirror Subscribe To Comments
4.8
CVSSv3
CVE-2021-24920
The StatCounter WordPress plugin prior to 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Statcounter Statcounter
6.1
CVSSv3
CVE-2016-10900
The uji-countdown plugin prior to 2.0.7 for WordPress has XSS.
Wpmanage Uji Countdown
4.3
CVSSv3
CVE-2018-20154
The WP Maintenance Mode plugin prior to 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
Designmodo Wp Maintenance Mode
7.2
CVSSv3
CVE-2018-20156
The WP Maintenance Mode plugin prior to 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.
Designmodo Wp Maintenance Mode