Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.6 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for...
Posimyth The Plus Addons For Elementor
4.8
CVSSv3
CVE-2022-3426
The Advanced WP Columns WordPress plugin up to and including 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex...
Advanced Wp Columns Project Advanced Wp Columns
6.1
CVSSv3
CVE-2022-1567
The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6.
Wp-js Project Wp-js
6.1
CVSSv3
CVE-2021-26256
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).
Ays-pro Survey Maker
8.8
CVSSv3
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.p...
Accesspressthemes Access Demo Importer
Accesspressthemes Eightstore-lite
Accesspressthemes Enlighten
Accesspressthemes Fotography
Accesspressthemes Opstore
Accesspressthemes Parallaxsome
Accesspressthemes Punte
Accesspressthemes Revolve
Accesspressthemes Ripple
Accesspressthemes Sakala
Accesspressthemes Scrollme
Accesspressthemes Storevilla
Accesspressthemes Swing-lite
Accesspressthemes The100
Accesspressthemes The-launcher
Accesspressthemes The-monday
Accesspressthemes Ultra-seven
Accesspressthemes Uncode-lite
Accesspressthemes Vmag
Accesspressthemes Vmagazine-lite
Accesspressthemes Vmagazine-news
Accesspressthemes Wpparallax
8.8
CVSSv3
CVE-2021-24726
The WP Simple Booking Calendar WordPress plugin prior to 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue
Wpsimplebookingcalendar Wp Simple Booking Calendar
5.4
CVSSv3
CVE-2021-24266
The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin prior to 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Posimyth The Plus Addons For Elementor Page Builder Lite
8.8
CVSSv3
CVE-2020-22275
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an malicious user to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executa...
Easyregistrationforms Easy Registration Forms 2.0.6
6.1
CVSSv3
CVE-2016-10952
The quotes-collection plugin prior to 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.
Quotes Collection Project Quotes Collection
8.8
CVSSv3
CVE-2018-21002
The js-support-ticket plugin prior to 2.0.6 for WordPress has CSRF.
Joomsky Js Help Desk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »