Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-6592
The FastDup WordPress plugin prior to 2.2 does not prevent directory listing in sensitive directories containing export files.
Ninjateam Fastdup
4.8
CVSSv3
CVE-2023-6046
The EventON WordPress plugin prior to 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.
Myeventon Eventon
9.8
CVSSv3
CVE-2023-49750
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a pri...
Spoonthemes Couponis
9.8
CVSSv3
CVE-2023-4922
The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to a local file inclusion via the `path` parameter.
Wpb Show Core Project Wpb Show Core
9.8
CVSSv3
CVE-2023-5974
The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
Wpb Show Core Project Wpb Show Core
5.4
CVSSv3
CVE-2023-5708
The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Wp Post Columns Project Wp Post Columns
4.8
CVSSv3
CVE-2023-4388
The EventON WordPress plugin prior to 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Myeventon Eventon
6.1
CVSSv3
CVE-2023-4315
The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inje...
Wp3sixty Woo Custom Emails
4.8
CVSSv3
CVE-2023-23734
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions.
Userlike Userlike
4.8
CVSSv3
CVE-2022-4198
The WP Social Sharing WordPress plugin up to and including 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exampl...
Wp Social Sharing Project Wp Social Sharing
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »