wordpress wordpress 2.8.5 vulnerabilities and exploits
NA
CVE-2024-1978
The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests...
8.8
CVSSv3
CVE-2023-5602
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This ma...
Ultimatelysocial Social Media Share Buttons & Social Sharing Icons
6.5
CVSSv3
CVE-2023-5070
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media...
Ultimatelysocial Social Media Share Buttons & Social Sharing Icons
1 Github repository
6.5
CVSSv3
CVE-2021-4377
The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks. This can allow authenticated m...
Wobbie Doneren Met Mollie
7.5
CVSSv3
CVE-2022-4140
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file, which could allow an unauthenticated malicious user to read arbitrary files on the server.
Collne Welcart E-commerce
6.5
CVSSv3
CVE-2022-4236
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the ser...
Collne Welcart E-commerce
4.8
CVSSv3
CVE-2021-24995
The HTML5 Responsive FAQ WordPress plugin up to and including 2.8.5 does not properly sanitise and escape some of its settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Html5 Responsive Faq Project Html5 Responsive Faq
5.4
CVSSv3
CVE-2020-8426
The Elementor plugin prior to 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. This can be exploited by targeting an authenticated user.
Elementor Website Builder
8.8
CVSSv3
CVE-2019-15781
The facebook-by-weblizar plugin prior to 2.8.5 for WordPress has CSRF.
Weblizar Social Likebox & Feed
7.5
CVSSv3
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.6.14
Wp-rocket Wp-rocket 2.0.4
Wp-rocket Wp-rocket 2.5.9
Wp-rocket Wp-rocket 2.0.0
Wp-rocket Wp-rocket 2.9.1
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.7.0
Wp-rocket Wp-rocket 2.8.5
Wp-rocket Wp-rocket 2.10.0
Wp-rocket Wp-rocket 2.3.9
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.8.11
Wp-rocket Wp-rocket 2.3.5
Wp-rocket Wp-rocket 2.9.6
Wp-rocket Wp-rocket 2.5.10
Wp-rocket Wp-rocket 2.6.9
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.8.3
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.6.13
Wp-rocket Wp-rocket 2.8.23
Wp-rocket Wp-rocket 2.6.6