Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2024-3922
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
1 Github repository
10
CVSSv3
CVE-2024-3820
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient...
10
CVSSv3
CVE-2020-35489
The contact-form-7 (aka Contact Form 7) plugin prior to 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
Rocklobster Contact Form 7
5 Github repositories
10
CVSSv3
CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 up to and including 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Gvectors Wpdiscuz
7 Github repositories
10
CVSSv3
CVE-2019-16932
A blind SSRF vulnerability exists in the Visualizer plugin prior to 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
Themeisle Visualizer
10
CVSSv3
CVE-2016-10927
The nelio-ab-testing plugin prior to 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
Neliosoftware Nelio Ab Testing
10
CVSSv3
CVE-2016-10926
The nelio-ab-testing plugin prior to 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
Neliosoftware Nelio Ab Testing
9.9
CVSSv3
CVE-2024-3105
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the func...
9.9
CVSSv3
CVE-2024-3549
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient...
9.9
CVSSv3
CVE-2024-3592
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »