Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.8.3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2868
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up ...
NA
CVE-2024-2123
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficien...
9.8
CVSSv3
CVE-2023-29432
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a prior to 2.8.3.
Favethemes Houzez
9.8
CVSSv3
CVE-2022-27858
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
Activity Log Project Activity Log
5.3
CVSSv3
CVE-2022-2108
The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including,...
Wbcomdesigns Buddypress Group Reviews
4.8
CVSSv3
CVE-2021-36846
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3
Premio Chaty
6.1
CVSSv3
CVE-2021-25016
The Chaty WordPress plugin prior to 2.8.3 and Chaty Pro WordPress plugin prior to 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
Premio Chaty
Premio Chaty Pro
5.4
CVSSv3
CVE-2021-24634
The Recipe Card Blocks by WPZOOM WordPress plugin prior to 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as ...
Wpzoom Recipe Card Blocks For Gutenberg \\& Elementor
7.5
CVSSv3
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.9.10
Wp-rocket Wp-rocket 2.9.9
Wp-rocket Wp-rocket 2.9.8.1
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.8.17
Wp-rocket Wp-rocket 2.8.16
Wp-rocket Wp-rocket 2.8.15
Wp-rocket Wp-rocket 2.8.1
Wp-rocket Wp-rocket 2.8.0
Wp-rocket Wp-rocket 2.7.4
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.6.7
Wp-rocket Wp-rocket 2.6.6
Wp-rocket Wp-rocket 2.6.5
Wp-rocket Wp-rocket 2.6.4
Wp-rocket Wp-rocket 2.5.3
Wp-rocket Wp-rocket 2.5.2
Wp-rocket Wp-rocket 2.5.1
Wp-rocket Wp-rocket 2.5.0
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.3.0
NA
CVE-2014-9524
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin prior to 2.8.3 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) change plugin settings via unspeci...
Facebook Like Box Project Facebook Like Box
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »