Vulmon
Search results for query: wordpress vulnerabilities and exploits
CVE-2024-2439
The Salon booking system WordPress plugin up to and including 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...
CVE-2024-2603
The Salon booking system WordPress plugin up to and including 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin up to and including 9.6.5 configuration) to pe...
CVE-2024-2837
The WP Chat App WordPress plugin prior to 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-3048
The Bannerlid WordPress plugin up to and including 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators
CVE-2024-3188
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above ...
CVE-2024-2310
The WP Google Review Slider WordPress plugin prior to 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
CVE-2024-2429
The Salon booking system WordPress plugin up to and including 9.6.5 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack
CVE-2024-2908
The Call Now Button WordPress plugin prior to 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi...
CVE-2024-3058
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make a logged-in admin add Stored XSS payloads via a CSRF attack
CVE-2024-3059
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have CSRF checks in some places, which could allow malicious users to make logged-in admins delete arbitrary Campaigns via a CSRF attack