Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-0367
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin prior to 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributo...
Pricing Tables For Wpbakery Page Builder Project Pricing Tables For Wpbakery Page Builder
6.5
CVSSv3
CVE-2023-1274
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin prior to 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI a...
Pricing Tables For Wpbakery Page Builder Project Pricing Tables For Wpbakery Page Builder
5.4
CVSSv3
CVE-2023-0399
The Image Over Image For WPBakery Page Builder WordPress plugin prior to 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perfo...
Image Over Image For Wpbakery Page Builder Project Image Over Image For Wpbakery Page Builder
4.3
CVSSv3
CVE-2022-2387
The Easy Digital Downloads WordPress plugin prior to 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a...
Sandhillsdev Easy Digital Downloads
8.8
CVSSv3
CVE-2021-24890
The Scripts Organizer WordPress plugin prior to 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbit...
Dplugins Scripts Organizer
7.2
CVSSv3
CVE-2022-2261
The WPIDE WordPress plugin prior to 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.
Xplodedthemes Wpide
4.8
CVSSv3
CVE-2022-36378
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.
Floating Div Project Floating Div
5.4
CVSSv3
CVE-2022-29443
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress.
Nicdark Hotel Booking
6.1
CVSSv3
CVE-2022-0321
The WP Voting Contest WordPress plugin prior to 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-S...
Ohiowebtech Wp Voting Contest
5.4
CVSSv3
CVE-2021-24611
The Keyword Meta WordPress plugin up to and including 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing malicious user to ma...
Keyword Meta Project Keyword Meta
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »