Vulmon
wordpress wordpress 2.2 vulnerabilities and exploits
NA
CVE-2022-44590
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress.
Simple Video Embedder Project Simple Video Embedder
NA
CVE-2022-2762
The AdminPad WordPress plugin prior to 2.2 does not have CSRF check when updating admin's note, allowing malicious users to make a logged in admin update their notes via a CSRF attack
Adminpad Project Adminpad
7.5
CVSSv2
CVE-2022-1390
The Admin Word Count Column WordPress plugin up to and including 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated malicious users to read arbitrary files on server running old version of PHP susceptible to the null byte technique. Th...
Admin Word Count Column Project Admin Word Count Column
6.8
CVSSv2
CVE-2022-0215
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.p...
Xootix Login/signup Popup
Xootix Side Cart Woocommerce
Xootix Waitlist Woocommerce
6.8
CVSSv2
CVE-2021-24491
The Fileviewer WordPress plugin up to and including 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack
Fileviewer Project Fileviewer
4.3
CVSSv2
CVE-2021-38347
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.2.
Custom Website Data Project Custom Website Data
4.3
CVSSv2
CVE-2021-24389
The WP Foodbakery WordPress plugin prior to 2.2, used in the FoodBakery WordPress theme prior to 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerabili...
Chimpgroup Foodbakery
4.3
CVSSv2
CVE-2015-9508
The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Commissions -
4.3
CVSSv2
CVE-2015-9510
The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Cross-sell And Upsell -
4.3
CVSSv2
CVE-2015-9520
The Easy Digital Downloads (EDD) Per Product Emails extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Per Product Emails -