Vulmon
wordpress wordpress 3.2.1 vulnerabilities and exploits
5.4
CVSSv3
CVE-2024-3956
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
5.4
CVSSv3
CVE-2023-5334
The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
Wponlinesupport Wp Responsive Header Image Slider
8.8
CVSSv3
CVE-2021-4394
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated malicious users to update cu...
Goldplugins Locations
6.5
CVSSv3
CVE-2023-2623
The KiviCare WordPress plugin prior to 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users.
Iqonic Kivicare
6.1
CVSSv3
CVE-2023-2624
The KiviCare WordPress plugin prior to 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator.
Iqonic Kivicare
4.3
CVSSv3
CVE-2023-2627
The KiviCare WordPress plugin prior to 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update pl...
Iqonic Kivicare
8.8
CVSSv3
CVE-2023-2628
The KiviCare WordPress plugin prior to 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow malicious users to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete ...
Iqonic Kivicare
5.3
CVSSv3
CVE-2023-0085
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthen...
Wpmet Metform Elementor Contact Form Builder
6.5
CVSSv3
CVE-2022-2091
The Cache Images WordPress plugin prior to 3.2.1 does not implement nonce checks, which could allow malicious users to make any logged user upload images via a CSRF attack.
Cache Images Project Cache Images
6.1
CVSSv3
CVE-2022-1904
The Pricing Tables WordPress Plugin WordPress plugin prior to 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scri...
Fatcatapps Easy Pricing Tables