wordpress wordpress 2.7.1 vulnerabilities and exploits
4.3
CVSSv3
CVE-2024-3520
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, wi...
8.8
CVSSv3
CVE-2023-6991
The JSM file_get_contents() Shortcode WordPress plugin prior to 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.
Surniaulula Jsm File Get Contents() Shortcode
6.1
CVSSv3
CVE-2023-5958
The POST SMTP Mailer WordPress plugin prior to 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated malicious user to perform XSS attacks against highly privileged users.
Wpexperts Post Smtp Mailer
9.8
CVSSv3
CVE-2023-5604
The Asgaros Forum WordPress plugin prior to 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execut...
Asgaros Asgaros Forum
5.4
CVSSv3
CVE-2023-5577
The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Bitly Bitly
5.4
CVSSv3
CVE-2023-5658
The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_mapit' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po...
Chandnipatel Wp Mapit
4.3
CVSSv3
CVE-2022-2267
The Mailchimp for WooCommerce WordPress plugin prior to 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can ...
Mailchimp Mailchimp For Woocommerce
6.1
CVSSv3
CVE-2022-0149
The WooCommerce Stored Exporter WordPress plugin prior to 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.
Visser Store Exporter For Woocommerce
1 Github repository
5.4
CVSSv3
CVE-2021-25106
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin prior to 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update th...
Wpeka Wplegalpages
6.1
CVSSv3
CVE-2014-4558
Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the api_url parameter.
Cybercompany Swipehq-payment-gateway-woocommerce