Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0.6 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2803
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
NA
CVE-2024-1238
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
NA
CVE-2024-2047
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...
6.1
CVSSv3
CVE-2023-3992
The PostX WordPress plugin prior to 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Wpxpo Postx
5.3
CVSSv3
CVE-2022-0140
The Visual Form Builder WordPress plugin prior to 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.
Vfbpro Visual Form Builder
5.4
CVSSv3
CVE-2022-0450
The Menu Image, Icons made easy WordPress plugin prior to 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary men...
Freshlightlab Menu Image\\, Icons Made Easy
6.1
CVSSv3
CVE-2021-24976
The Smart SEO Tool WordPress plugin prior to 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
Wbolt Smart Seo Tool
4.8
CVSSv3
CVE-2021-24888
The ImageBoss WordPress plugin prior to 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks
Imageboss Imageboss
6.1
CVSSv3
CVE-2019-17231
includes/theme-functions.php in the OneTone theme up to and including 3.0.6 for WordPress has multiple stored XSS issues.
Mageewp Onetone
5.3
CVSSv3
CVE-2019-17230
includes/theme-functions.php in the OneTone theme up to and including 3.0.6 for WordPress allows unauthenticated options changes.
Mageewp Onetone
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »