wordpress wordpress 3.1.3 vulnerabilities and exploits
NA
CVE-2024-2761
The Genesis Blocks WordPress plugin prior to 3.1.3 does not properly escape data input provided to some of its blocks, allowing users with at least contributor privileges to conduct Stored XSS attacks.
7.2
CVSSv3
CVE-2024-0668
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with adm...
Sigmaplugin Advanced Database Cleaner
7.5
CVSSv3
CVE-2023-6113
The WP STAGING WordPress Backup Plugin prior to 3.1.3 and WP STAGING Pro WordPress Backup Plugin prior to 5.1.3 do not prevent visitors from leaking key information about ongoing backup processes, allowing unauthenticated malicious users to download said backups later.
Wp-staging Wp Staging
5.4
CVSSv3
CVE-2023-5109
The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attribut...
Ironikus Wp Mailto Links
7.2
CVSSv3
CVE-2023-1016
The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updat...
Hijiriworld Intuitive Custom Post Order
6.1
CVSSv3
CVE-2023-0038
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for un...
Ays-pro Survey Maker
4.8
CVSSv3
CVE-2022-2425
The WP DS Blog Map WordPress plugin up to and including 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in m...
Wp Ds Blog Map Project Wp Ds Blog Map
4.8
CVSSv3
CVE-2022-2410
The mTouch Quiz WordPress plugin up to and including 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in mult...
Mtouch Quiz Project Mtouch Quiz
6.5
CVSSv3
CVE-2021-25098
The Pricing Tables WordPress Plugin WordPress plugin prior to 3.1.3 does not verify the CSRF nonce when removing posts, allowing malicious users to make a logged-in admin remove arbitrary posts from the blog via a CSRF attack; the removed posts are put in the trash.
Fatcatapps Easy Pricing Tables
7.2
CVSSv3
CVE-2021-24628
The Wow Forms WordPress plugin up to and including 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection
Wow-company Wow Forms