Vulmon
wordpress wordpress 2.1.1 vulnerabilities and exploits
6.5
CVSSv3
CVE-2020-36697
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated malicious users to delete any comment and modify the plugin’s settings.
Appsaloon Wp Gdpr
6.4
CVSSv3
CVE-2024-4212
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insuff...
6.4
CVSSv3
CVE-2024-4458
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authentic...
6.4
CVSSv3
CVE-2024-4459
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
6.4
CVSSv3
CVE-2024-2922
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for aut...
6.1
CVSSv3
CVE-2023-1804
The Product Catalog Feed by PixelYourSite WordPress plugin prior to 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
Pixelyoursite Product Catalog Feed
6.1
CVSSv3
CVE-2023-1805
The Product Catalog Feed by PixelYourSite WordPress plugin prior to 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Pixelyoursite Product Catalog Feed
6.1
CVSSv3
CVE-2021-38349
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows malicious users to inject arbitrary web scripts, in versions up to and inclu...
Techastha Integration Of Moneybird For Woocommerce
6.1
CVSSv3
CVE-2019-9908
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.
Hivewebstudios Font Organizer 2.1.1
6.1
CVSSv3
CVE-2017-14622
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin prior to 2.1.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin....
2kblater 2kb Amazon Affiliates Store