Vulmon
wordpress wordpress 2.6.1 vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-36719
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions prior to 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible fo...
Cridio Listingpro
6.4
CVSSv3
CVE-2024-0627
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This m...
6.4
CVSSv3
CVE-2023-6745
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This make...
6.1
CVSSv3
CVE-2016-10880
The google-document-embedder plugin prior to 2.6.1 for WordPress has XSS.
Google Doc Embedder Project Google Doc Embedder
6.1
CVSSv3
CVE-2014-8087
Cross-site scripting (XSS) vulnerability in the post highlights plugin prior to 2.6.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php.
Post Highlights Projects Post Highlights
5.4
CVSSv3
CVE-2023-0095
The Page View Count WordPress plugin prior to 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
A3rev Page View Count
5.4
CVSSv3
CVE-2022-0765
The Loco Translate WordPress plugin prior to 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by d...
Loco Translate Project Loco Translate
5.3
CVSSv3
CVE-2020-36723
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions prior to 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated malicious users to extract sensitive data includin...
Cridio Listingpro
4.4
CVSSv3
CVE-2024-0653
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administ...
4.3
CVSSv3
CVE-2023-6748
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive...