Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.1 vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2020-7048
The WordPress plugin, WP Database Reset up to and including 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-po...
Webfactoryltd Wp Database Reset
1 Github repository
8.8
CVSSv3
CVE-2020-7047
The WordPress plugin, WP Database Reset up to and including 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping...
Webfactoryltd Wp Database Reset
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 4.0.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.9.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.7.1
Wordpress Wordpress 4.5.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.7.4
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.7.1
Wordpress Wordpress 3.0.4
2 Github repositories
6.1
CVSSv3
CVE-2023-2813
All of the above Aapna WordPress theme up to and including 1.3, Anand WordPress theme up to and including 1.2, Anfaust WordPress theme up to and including 1.1, Arendelle WordPress theme prior to 1.1.13, Atlast Business WordPress theme up to and including 1.5.8.5, Bazaar Lite Word...
Saumendra Aapna
Saumendra Anand
Thewebhunter Anfaust
Deothemes Arendelle
Archimidismertzanos Atlast Business
Themeinprogress Bazaar Lite
Arthousewebdesign Brain Power
Yws Bunnypress Lite
Ayecode Cafe Bistro
Ayecode College
Omarfolgheraiter Digitally
Henleythemes Counterpoint
Ajaydsouza Connections Reloaded
Competethemes Drop
Ayecode Directory
Deothemes Everse
Archimidismertzanos Fashionable Store
Marchettidesign Fullbase
Dotecsa Ilex
Jinwen Js O3 Lite
Climaxthemes Kata
Jinwen Js Paper
6.1
CVSSv3
CVE-2021-38322
The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows malicious users to inject arbitrary web scripts, in versions up to and includi...
Twitter Friends Widget Project Twitter Friends Widget
5.4
CVSSv3
CVE-2023-6884
This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authentica...
Richplugins Plugin For Google Reviews
5.4
CVSSv3
CVE-2024-22150
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from...
Pwrplugins Powerfolio
5.4
CVSSv3
CVE-2023-5432
The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
Gopiplus Jquery News Ticker
5.4
CVSSv3
CVE-2023-5615
The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
Ravanh Skype Legacy Buttons
5.4
CVSSv3
CVE-2022-36355
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress.
Easy Org Chart Project Easy Org Chart
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »