Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24284
The Kaswara Modern VC Addons WordPress plugin up to and including 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malic...
Kaswara Project Kaswara
1 Github repository
1 Article
8.8
CVSSv3
CVE-2023-3343
The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions a...
Wpeverest User Registration
8.8
CVSSv3
CVE-2023-0088
The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion among other things. This makes it pos...
Swifty Page Manager Project Swifty Page Manager
8.8
CVSSv3
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 2.0.2
Wpeasycart Wp Easycart 2.0.3
Wpeasycart Wp Easycart 2.0.4
Wpeasycart Wp Easycart 2.0.5
Wpeasycart Wp Easycart 2.0.20
Wpeasycart Wp Easycart 2.0.21
Wpeasycart Wp Easycart 2.0.22
Wpeasycart Wp Easycart 2.1.0
Wpeasycart Wp Easycart 2.1.13
Wpeasycart Wp Easycart 2.1.14
Wpeasycart Wp Easycart 2.1.15
Wpeasycart Wp Easycart 2.1.16
Wpeasycart Wp Easycart 2.1.17
Wpeasycart Wp Easycart 2.1.30
Wpeasycart Wp Easycart 2.1.31
Wpeasycart Wp Easycart 2.1.32
Wpeasycart Wp Easycart 2.1.33
Wpeasycart Wp Easycart 3.0.12
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
7.2
CVSSv3
CVE-2022-33900
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.
Sandhillsdev Easy Digital Downloads
6.1
CVSSv3
CVE-2022-3149
The WP Custom Cursors WordPress plugin prior to 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow malicious users to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping ...
Wp Custom Cursors Project Wp Custom Cursors
6.1
CVSSv3
CVE-2022-2537
The WooCommerce PDF Invoices & Packing Slips WordPress plugin prior to 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
Wpovernight Woocommerce Pdf Invoices\\& Packing Slips
6.1
CVSSv3
CVE-2022-2532
The Feed Them Social WordPress plugin prior to 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Slickremix Feed Them Social
6.1
CVSSv3
CVE-2022-2383
The Feed Them Social WordPress plugin prior to 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Slickremix Feed Them Social
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »