Vulmon
wordpress wordpress 2.6 vulnerabilities and exploits
NA
CVE-2022-4835
The Social Sharing Toolkit WordPress plugin up to and including 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks whic...
Linksalpha Social Sharing Toolkit
NA
CVE-2021-36858
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress.
Themepoints Testimonials
NA
CVE-2022-40217
Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
Xplodedthemes Wpide
NA
CVE-2022-35235
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
Xplodedthemes Wpide - File Manager & Code Editor
3.5
CVSSv2
CVE-2022-1818
The Multi-page Toolkit WordPress plugin up to and including 2.6 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanit...
Multi-page Toolkit Project Multi-page Toolkit
3.5
CVSSv2
CVE-2022-0388
The Interactive Medical Drawing of Human Body WordPress plugin prior to 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Humananatomyillustrations Interactive Medical Drawing Of Human Body
4
CVSSv2
CVE-2021-24154
The Theme Editor WordPress plugin prior to 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd.
7.5
CVSSv2
CVE-2014-10379
The duplicate-post plugin prior to 2.6 for WordPress has SQL injection.
Duplicate Post Project Duplicate Post
4.3
CVSSv2
CVE-2014-10378
The duplicate-post plugin prior to 2.6 for WordPress has XSS.
Duplicate Post Project Duplicate Post
4.3
CVSSv2
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
126 Github repositories