Vulmon
taurus omar vulnerabilities and exploits
NA
CVE-2023-1890
The Tablesome WordPress plugin prior to 1.0.9 does not escape various generated URLs before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting.
Pauple Tablesome
NA
CVE-2023-1893
The Login Configurator WordPress plugin up to and including 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
Login Configurator Project Login Configurator
NA
CVE-2023-2601
The wpbrutalai WordPress plugin prior to 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.
Wp Brutal Ai Project Wp Brutal Ai
NA
CVE-2023-2605
The wpbrutalai WordPress plugin prior to 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high-privilege users such as admin.
Wp Brutal Ai Project Wp Brutal Ai
NA
CVE-2023-2606
The WP Brutal AI WordPress plugin prior to 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite ...
Brutalplugins Wp Brutal Ai
NA
CVE-2023-2029
The PrePost SEO WordPress plugin up to and including 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite s...
Enzipe Prepost Seo
VMScore: 383
CVE-2022-0953
The Anti-Malware Security and Brute-Force Firewall WordPress plugin prior to 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
Download Anti-malware Security And Brute-force Firewall Project Download Anti-malware Security And Brute-force Firewall
VMScore: 312
CVE-2022-0994
The Hummingbird WordPress plugin prior to 3.3.2 does not sanitise and escape the Config Name, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Incsub Hummingbird
VMScore: 312
CVE-2022-1001
The WP Downgrade WordPress plugin prior to 1.2.3 only performs client-side validation of its "WordPress Target Version" setting, but does not sanitise and escape it server side, allowing high-privilege users such as admin to perform Cross-Site attacks even when the unfi...
Wp Downgrade Project Wp Downgrade
VMScore: 312
CVE-2022-1153
The LayerSlider WordPress plugin prior to 7.1.2 does not sanitise and escape the Project's slug before outputting it back in various places, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Layslider Layslider