Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2304
The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. ...
NA
CVE-2023-5467
The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers w...
Geomywp Geo My Wordpress
NA
CVE-2023-3139
The Protect WP Admin WordPress plugin prior to 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
Wp-experts Protect Wp Admin
NA
CVE-2023-1596
The tagDiv Composer WordPress plugin prior to 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Tagdiv Composer
NA
CVE-2022-4458
The amr shortcode any widget WordPress plugin up to and including 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks wh...
Amr Shortcode Any Widget Project Amr Shortcode Any Widget
NA
CVE-2022-3835
The Kwayy HTML Sitemap WordPress plugin prior to 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi...
Kwayyinfotech Kwayy Html Sitemap
383
VMScore
CVE-2022-29430
Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.
Png To Jpg Project Png To Jpg
356
VMScore
CVE-2021-24872
The Get Custom Field Values WordPress plugin prior to 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.
Get Custom Field Values Project Get Custom Field Values
383
VMScore
CVE-2021-24335
The Car Repair Services & Auto Mechanic WordPress theme prior to 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
Smartdatasoft Car Repair Services \\& Auto Mechanic
383
VMScore
CVE-2021-24294
The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin prior to 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard (wp-admin/admin.php?page=dsgvoaiofree-show-log). This cou...
Mlfactory Dsgvo All In One For Wp
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »