Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-49750
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a pri...
Spoonthemes Couponis
9.8
CVSSv3
CVE-2023-5974
The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
Wpb Show Core Project Wpb Show Core
9.8
CVSSv3
CVE-2023-4922
The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to a local file inclusion via the `path` parameter.
Wpb Show Core Project Wpb Show Core
9.8
CVSSv3
CVE-2022-1390
The Admin Word Count Column WordPress plugin up to and including 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated malicious users to read arbitrary files on server running old version of PHP susceptible to the null byte technique. Th...
Admin Word Count Column Project Admin Word Count Column
8.8
CVSSv3
CVE-2022-0215
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.p...
Xootix Login\\/signup Popup
Xootix Side Cart Woocommerce
Xootix Waitlist Woocommerce
8.8
CVSSv3
CVE-2021-24491
The Fileviewer WordPress plugin up to and including 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack
Fileviewer Project Fileviewer
6.5
CVSSv3
CVE-2022-2762
The AdminPad WordPress plugin prior to 2.2 does not have CSRF check when updating admin's note, allowing malicious users to make a logged in admin update their notes via a CSRF attack
Adminpad Project Adminpad
6.5
CVSSv3
CVE-2015-9408
The xpinner-lite plugin up to and including 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
Cyberseo Xpinner Lite
6.5
CVSSv3
CVE-2019-14679
core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF.
Reputeinfosystems Arprice Lite 2.2
6.1
CVSSv3
CVE-2023-4315
The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inje...
Wp3sixty Woo Custom Emails
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »