Vulmon
wordpress wordpress 2.3.2 vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-1208
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding ...
Ultimatemember Ultimate Member
9.8
CVSSv3
CVE-2022-29423
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
Edmonsoft Countdown Builder
4.8
CVSSv3
CVE-2022-29422
Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-b...
Edmonsoft Countdown Builder
4.8
CVSSv3
CVE-2022-29420
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters.
Edmonsoft Countdown Builder
1 Github repository
6.1
CVSSv3
CVE-2021-25077
The Store Toolkit for WooCommerce WordPress plugin prior to 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting.
Visser Store Toolkit For Woocommerce
4.3
CVSSv3
CVE-2021-24832
The WP SEO Redirect 301 WordPress plugin prior to 2.3.2 does not have CSRF in place when deleting redirects, which could allow malicious users to make a logged in admin delete them via a CSRF attack.
Wp Seo Redirect 301 Project Wp Seo Redirect 301
5.4
CVSSv3
CVE-2021-24263
The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin prior to 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Ideabox Powerpack Addons For Elementor
6.1
CVSSv3
CVE-2015-9420
The soundcloud-is-gold plugin prior to 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.
Mightymess Soundcloud Is Gold
7.5
CVSSv3
CVE-2019-15821
The bold-page-builder plugin prior to 2.3.2 for WordPress has no protection against modifying settings and importing data.
Bold-themes Bold Page Builder
6.1
CVSSv3
CVE-2016-10890
The aryo-activity-log plugin prior to 2.3.2 for WordPress has XSS.
Pojo Activity Log