Vulmon
wordpress wordpress 3.1.4 vulnerabilities and exploits
5.3
CVSSv3
CVE-2024-1688
The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated malicious users to retrieve sales r...
NA
CVE-2024-1720
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input...
4.8
CVSSv3
CVE-2023-6165
The Restrict Usernames Emails Characters WordPress plugin prior to 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Benaceur-php Restrict Usernames Emails Characters
4.8
CVSSv3
CVE-2024-0688
The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...
Pubsubhubbub Websub
9.8
CVSSv3
CVE-2023-49752
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme. This issue affects Adifier - Classified Ads WordPress Theme: from n/a prior to 3.1.4.
Spoonthemes Adifier
6.1
CVSSv3
CVE-2023-49187
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS. This issue affects Adifier - Classified Ads WordPress Theme: from n/a prior to 3.1.4.
Spoonthemes Adifier
5.4
CVSSv3
CVE-2023-5109
The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attribut...
Ironikus Wp Mailto Links
4.3
CVSSv3
CVE-2022-4385
The Intuitive Custom Post Order WordPress plugin prior to 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged-in user (with roles as low as Subscriber) to update the menu order.
Intuitive Custom Post Order Project Intuitive Custom Post Order
4.3
CVSSv3
CVE-2022-4386
The Intuitive Custom Post Order WordPress plugin prior to 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing a malicious user to trick any user into changing the menu order via a CSRF attack.
Intuitive Custom Post Order Project Intuitive Custom Post Order
7.2
CVSSv3
CVE-2022-0887
The Easy Social Icons WordPress plugin prior to 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.
Cybernetikz Easy Social Icons