Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.3.2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2024-3206
The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all versions up to, and including, 2.3.2. This makes it possible for authentica...
NA
CVE-2024-0825
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. ...
5.4
CVSSv3
CVE-2023-6807
The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it p...
Generatepress Generatepress
8.8
CVSSv3
CVE-2024-22304
Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress.This issue affects FreshMail For WordPress: from n/a up to and including 2.3.2.
Borbis Freshmail For Wordpress
5.4
CVSSv3
CVE-2023-5116
The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes....
Ipushpull Live Updates From Excel
6.1
CVSSv3
CVE-2023-46074
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions.
Borbis Freshmail For Wordpress
5.4
CVSSv3
CVE-2023-4887
The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
Themeisle Google Maps Plugin By Intergeo
9.8
CVSSv3
CVE-2023-2068
The File Manager Advanced Shortcode WordPress plugin up to and including 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst cas...
Advancedfilemanager File Manager Advanced Shortcode
5.4
CVSSv3
CVE-2023-2304
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for ...
Favorites Project Favorites
9.8
CVSSv3
CVE-2022-2314
The VR Calendar WordPress plugin up to and including 2.3.2 lets any user execute arbitrary PHP functions on the site.
Vr Calendar Project Vr Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »