Vulmon
wordpress wordpress 2.1.3 vulnerabilities and exploits
6.4
CVSSv3
CVE-2024-4374
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...
NA
CVE-2024-1071
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the us...
4 GitHub repositories
9.8
CVSSv3
CVE-2023-45069
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection. This issue affects Video Gallery – Best WordPress You...
Total-soft Video Gallery
7.5
CVSSv3
CVE-2023-2180
The KIWIZ Invoices Certification & PDF System WordPress plugin up to and including 2.1.3 does not validate the path of files to be downloaded, which could allow an unauthenticated malicious user to read/download arbitrary files, as well as perform PHAR unserialization (assuming ...
Kiwiz Invoices Certification & Pdf System Project Kiwiz Invoices Certification & Pdf System
6.5
CVSSv3
CVE-2023-0749
The Ocean Extra WordPress plugin prior to 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts, such as draft, private or even password protected...
Oceanwp Ocean Extra
7.2
CVSSv3
CVE-2022-4371
The Web Invoice WordPress plugin up to and including 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration...
Mohanjith Web Invoice
7.2
CVSSv3
CVE-2022-4372
The Web Invoice WordPress plugin up to and including 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration...
Web Invoice Project Web Invoice
4.8
CVSSv3
CVE-2022-3128
The Donation Thermometer WordPress plugin prior to 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in m...
Donation Thermometer Project Donation Thermometer
7.5
CVSSv3
CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated malicious user to view all API keys and secrets of integrated third-party APIs like that ...
Wpmet Metform Elementor Contact Form Builder
1 GitHub repository
5.4
CVSSv3
CVE-2021-24412
The Html5 Audio Player – Audio Player for WordPress plugin prior to 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with...
Bplugins Html5 Audio Player