Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 5.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3552
CVE-2024-3552-Poc CVE-2024-3552 Web Directory Free <= 1.6.9 - Unauthenticated SQL Injection Description The Web Directory Free plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.6.9 due to insufficient escaping on a user supplied pa...
1 Github repository
NA
CVE-2023-6844
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
NA
CVE-2024-0829
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attacker...
NA
CVE-2024-0830
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated ma...
NA
CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 up to and including 6.3.1, from 6.2 up to and including 6.2.2, from 6.1 up to and including 6.13, from 6.0 up to and including 6.0.5, from 5.9 up to and including 5.9.7, from 5.8 up to and including ...
Wordpress Wordpress
Fedoraproject Fedora 37
Fedoraproject Fedora 38
NA
CVE-2023-5233
The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
Fontawesome Font Awesome Integration
NA
CVE-2023-4963
The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attribut...
Webshouters Ws Facebook Like Box Widget
NA
CVE-2023-0378
The Greenshift WordPress plugin prior to 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Greenshiftwp Greenshift - Animation And Page Builder Blocks
NA
CVE-2022-4171
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the numbe...
Superwhite Demon Image Annotation
NA
CVE-2022-2594
The Advanced Custom Fields WordPress plugin prior to 5.12.3, Advanced Custom Fields Pro WordPress plugin prior to 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnera...
Advancedcustomfields Advanced Custom Fields
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »