Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.1.1 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-4391
The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated m...
Wpswings Ultimate Gift Cards For Woocommerce
8.8
CVSSv3
CVE-2020-36717
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated malicious users to access the plugin&...
Kaliforms Kali Forms
6.5
CVSSv3
CVE-2020-36697
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated malicious users to delete any comment and modify the plugin’s settings.
Appsaloon Wp Gdpr
7.1
CVSSv3
CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated malicious user to change (or delete) the ...
Kaliforms Kali Forms
5.3
CVSSv3
CVE-2020-36712
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthentica...
Kaliforms Kali Forms
6.1
CVSSv3
CVE-2023-1804
The Product Catalog Feed by PixelYourSite WordPress plugin prior to 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
Pixelyoursite Product Catalog Feed
6.1
CVSSv3
CVE-2023-1805
The Product Catalog Feed by PixelYourSite WordPress plugin prior to 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Pixelyoursite Product Catalog Feed
7.2
CVSSv3
CVE-2022-0440
The Catch Themes Demo Import WordPress plugin prior to 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_ED...
Catchplugins Catch Themes Demo Import
NA
CVE-2021-244881
WordPress Post Grid plugin version 2.1.1 suffers from a cross site scripting vulnerability.
5.4
CVSSv3
CVE-2021-42367
The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to...
Variation Swatches For Woocommerce Project Variation Swatches For Woocommerce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »