Vulmon
wordpress wordpress 2.2 vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-44590
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress.
Simple Video Embedder Project Simple Video Embedder
6.5
CVSSv3
CVE-2022-2762
The AdminPad WordPress plugin prior to 2.2 does not have a CSRF check when updating an admin's note, allowing malicious users to make a logged-in admin update their notes via a CSRF attack.
Adminpad Project Adminpad
9.8
CVSSv3
CVE-2022-1390
The Admin Word Count Column WordPress plugin up to and including 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated malicious users to read arbitrary files on a server running an old version of PHP susceptible to the null byte technique. Th...
Admin Word Count Column Project Admin Word Count Column
8.8
CVSSv3
CVE-2022-0215
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.p...
Xootix Waitlist Woocommerce
Xootix Side Cart Woocommerce
Xootix Login/signup Popup
8.8
CVSSv3
CVE-2021-24491
The Fileviewer WordPress plugin up to and including 2.2 does not have CSRF checks in place when performing actions such as uploading and deleting files. As a result, attackers could make a logged-in administrator delete and upload arbitrary files via a CSRF attack.
Fileviewer Project Fileviewer
6.1
CVSSv3
CVE-2021-38347
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.2.
Custom Website Data Project Custom Website Data
6.1
CVSSv3
CVE-2021-24389
The WP Foodbakery WordPress plugin prior to 2.2, used in the FoodBakery WordPress theme prior to 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerabili...
Chimpgroup Foodbakery
6.1
CVSSv3
CVE-2015-9507
The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Attach Accounts To Orders -
6.1
CVSSv3
CVE-2015-9509
The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Content Restriction -
6.1
CVSSv3
CVE-2015-9512
The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Csv Manager -