Vulmon
wordpress wordpress 2.7 vulnerabilities and exploits
NA
CVE-2024-1292
The WPB Show Core WordPress plugin prior to 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
NA
CVE-2024-1956
The wpb-show-core WordPress plugin prior to 2.7 does not sanitise and escape the parameters before outputting them back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting
NA
CVE-2024-1958
The WPB Show Core WordPress plugin prior to 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users
5.4
CVSSv3
CVE-2023-5096
The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes...
Jonashjalmarsson Html Filter And Csv-file Search
8.8
CVSSv3
CVE-2023-5099
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions a...
Jonashjalmarsson Html Filter And Csv-file Search
8.8
CVSSv3
CVE-2023-1597
The tagDiv Cloud Library WordPress plugin prior to 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by ...
Tagdiv Cloud Library
9.8
CVSSv3
CVE-2013-10023
A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql in...
Editorial Calendar Project Editorial Calendar
4.8
CVSSv3
CVE-2022-3539
The Testimonials WordPress plugin prior to 2.7 and the super-testimonial-pro WordPress plugin prior to 1.0.8 do not sanitize and escape their settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...
Themepoints Testimonials
Themepoints Testimonials Pro
8.8
CVSSv3
CVE-2022-37411
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress.
Captcha Code Project Captcha Code
5.7
CVSSv3
CVE-2021-24752
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin prior to 1.9, To Top WordPress plugin prior to 2.3,...
Catchplugins Catch Scroll Progress Bar
Catchplugins Catch Sticky Menu
Catchplugins Catch Themes Demo Import
Catchplugins Catch Under Construction
Catchplugins Catch Web Tools
Catchplugins Essential Content Types
Catchplugins Generate Child Theme
Catchplugins Header Enhancement
Catchplugins To Top
Catchplugins Essential Widgets