Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.7.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-5604
The Asgaros Forum WordPress plugin prior to 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execut...
Asgaros Asgaros Forum
8.8
CVSSv3
CVE-2024-5324
The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attacker...
8.8
CVSSv3
CVE-2023-6991
The JSM file_get_contents() Shortcode WordPress plugin prior to 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.
Surniaulula Jsm File Get Contents() Shortcode
7.5
CVSSv3
CVE-2015-9339
The wp-file-upload plugin prior to 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
Iptanus Wordpress File Upload
7.5
CVSSv3
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.6.14
Wp-rocket Wp-rocket 2.0.4
Wp-rocket Wp-rocket 2.5.9
Wp-rocket Wp-rocket 2.0.0
Wp-rocket Wp-rocket 2.9.1
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.7.0
Wp-rocket Wp-rocket 2.8.5
Wp-rocket Wp-rocket 2.10.0
Wp-rocket Wp-rocket 2.3.9
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.8.11
Wp-rocket Wp-rocket 2.3.5
Wp-rocket Wp-rocket 2.9.6
Wp-rocket Wp-rocket 2.5.10
Wp-rocket Wp-rocket 2.6.9
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.8.3
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.6.13
Wp-rocket Wp-rocket 2.8.23
Wp-rocket Wp-rocket 2.6.6
6.1
CVSSv3
CVE-2023-5958
The POST SMTP Mailer WordPress plugin prior to 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated malicious user to perform XSS attacks against highly privileged users.
Wpexperts Post Smtp Mailer
6.1
CVSSv3
CVE-2022-0149
The WooCommerce Stored Exporter WordPress plugin prior to 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.
Visser Store Exporter For Woocommerce
1 Github repository
6.1
CVSSv3
CVE-2014-4558
Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the api_url parameter.
Cybercompany Swipehq-payment-gateway-woocommerce
6.1
CVSSv3
CVE-2015-7357
Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 prior to 2.7.10 for WordPress allows remote malicious users to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.
Udesign Project Udesign 2.7.9
Udesign Project Udesign 2.7.8
Udesign Project Udesign 2.7.7
Udesign Project Udesign 2.7.6
Udesign Project Udesign 2.7.5
Udesign Project Udesign 2.7.4
Udesign Project Udesign 2.7.3
Udesign Project Udesign 2.7.2
Udesign Project Udesign 2.7.1
Udesign Project Udesign 2.7.0
Udesign Project Udesign 2.6.0
Udesign Project Udesign 2.5.6
Udesign Project Udesign 2.5.5
Udesign Project Udesign 2.5.4
Udesign Project Udesign 2.5.3
Udesign Project Udesign 2.5.2
Udesign Project Udesign 2.5.1
Udesign Project Udesign 2.5.0
Udesign Project Udesign 2.4.19
Udesign Project Udesign 2.4.18
Udesign Project Udesign 2.4.17
Udesign Project Udesign 2.4.16
5.4
CVSSv3
CVE-2023-5577
The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Bitly Bitly
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »