Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.1.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1688
The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated malicious users to retrieve sales r...
NA
CVE-2024-1720
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input...
NA
CVE-2023-6165
The Restrict Usernames Emails Characters WordPress plugin prior to 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Benaceur-php Restrict Usernames Emails Characters
NA
CVE-2024-0688
The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...
Pubsubhubbub Websub
NA
CVE-2023-49752
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a prior to 3.1.4.
Spoonthemes Adifier
NA
CVE-2023-49187
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a prior to 3.1.4.
Spoonthemes Adifier
NA
CVE-2023-5109
The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attribut...
Ironikus Wp Mailto Links
NA
CVE-2022-4385
The Intuitive Custom Post Order WordPress plugin prior to 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order
Intuitive Custom Post Order Project Intuitive Custom Post Order
NA
CVE-2022-4386
The Intuitive Custom Post Order WordPress plugin prior to 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an malicious user to trick any user to change the menu order via a CSRF attack
Intuitive Custom Post Order Project Intuitive Custom Post Order
6.5
CVSSv2
CVE-2022-0887
The Easy Social Icons WordPress plugin prior to 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.
Cybernetikz Easy Social Icons
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »