wordpress wordpress 2.0.1 vulnerabilities and exploits
CVSSv3: 4.8
CVE-2022-0958
The Mark Posts WordPress plugin prior to 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Mark Posts Project Mark Posts
CVSSv3: 6.1
CVE-2021-25071
The WordPress plugin up to and including 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Inpsyde Akismet Privacy Policies
CVSSv3: 4.8
CVE-2022-0659
The Sync QCloud COS WordPress plugin prior to 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Sync Qcloud Cos Project Sync Qcloud Cos
CVSSv3: 4.3
CVE-2021-24913
The Logo Showcase with Slick Slider WordPress plugin prior to 2.0.1 does not have a CSRF check in the lswss_save_attachment_data AJAX action, allowing malicious users to make a logged-in high-privilege user change the title, description, alt text, and URL of arbitrary uploaded media.
Infornweb Logo Showcase With Slick Slider
CVSSv3: 6.1
CVE-2021-24798
The WP Header Images WordPress plugin prior to 2.0.1 does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting issue
Androidbubbles Wp Header Images
CVSSv3: 4.8
CVE-2021-39356
The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the ~/templates/settings.php file which allowed attackers with administrative user access to inj...
Content Staging Project Content Staging
CVSSv3: 4.8
CVE-2021-39344
The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to ...
Kajoom Kjm Admin Notices
CVSSv3: 5.4
CVE-2021-24528
The FluentSMTP WordPress plugin prior to 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) ...
Wpmanageninja Fluentsmtp
CVSSv3: 8.8
CVE-2021-34633
The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.0.1.
Youtube Feeder Project Youtube Feeder
CVSSv3: 9.1
CVE-2020-24148
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
Mooveagency Import Xml And Rss Feeds 2.0.1
1 Github repository