Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-2387
The Easy Digital Downloads WordPress plugin prior to 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a...
Sandhillsdev Easy Digital Downloads
8.8
CVSSv3
CVE-2021-24890
The Scripts Organizer WordPress plugin prior to 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbit...
Dplugins Scripts Organizer
7.2
CVSSv3
CVE-2022-2261
The WPIDE WordPress plugin prior to 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.
Xplodedthemes Wpide
4.8
CVSSv3
CVE-2022-36378
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.
Floating Div Project Floating Div
5.4
CVSSv3
CVE-2022-29443
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress.
Nicdark Hotel Booking
6.1
CVSSv3
CVE-2022-0321
The WP Voting Contest WordPress plugin prior to 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-S...
Ohiowebtech Wp Voting Contest
5.4
CVSSv3
CVE-2021-24611
The Keyword Meta WordPress plugin up to and including 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing malicious user to ma...
Keyword Meta Project Keyword Meta
4.8
CVSSv3
CVE-2021-24444
The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin prior to 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading...
Taxopress Taxopress
9.8
CVSSv3
CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an malicious user to execute arbitrary SQL queries in the context of the WP database user.
Idangero Chop Slider 3.0
6.5
CVSSv3
CVE-2015-9424
The multicons plugin prior to 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.
Doc4design Multicons
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »