Vulmon
wordpress wordpress 3.7 vulnerabilities and exploits
4.8
CVSSv3
CVE-2023-5980
The BSK Forms Blacklist WordPress plugin prior to 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mult...
Bannersky Bsk Forms Blacklist
8.8
CVSSv3
CVE-2022-4290
The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
Cyr To Lat Project Cyr To Lat
5.3
CVSSv3
CVE-2023-4631
The DoLogin Security WordPress plugin prior to 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
Wpdo5ea Dologin Security
1 Github repository
6.1
CVSSv3
CVE-2023-4549
The DoLogin Security WordPress plugin prior to 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by malicious users to conduct Stored XSS attacks via WordPress' login form.
Wpdo5ea Dologin Security
1 Github repository
4.3
CVSSv3
CVE-2023-2078
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3....
Buymeacoffee Buy Me A Coffee
5.3
CVSSv3
CVE-2023-2079
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This ...
Buymeacoffee Buy Me A Coffee
4.8
CVSSv3
CVE-2023-2578
The Buy Me a Coffee WordPress plugin prior to 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisit...
Buymeacoffee Buy Me A Coffee
4.8
CVSSv3
CVE-2023-25972
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <= 3.7 versions.
Iksweb Wordpress Ctapt
6.1
CVSSv3
CVE-2022-43497
Cross-site scripting vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Wordpress Wordpress
6.1
CVSSv3
CVE-2022-43500
Cross-site scripting vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Wordpress Wordpress