Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0.2 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-34487
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
Oxilab Shortcode Addons
6.1
CVSSv3
CVE-2021-24474
The Awesome Weather Widget WordPress plugin up to and including 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.
Awesome Weather Widget Project Awesome Weather Widget
7.2
CVSSv3
CVE-2021-24336
The FlightLog WordPress plugin up to and including 3.0.2 does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users
Zavedil Flightlog
5.4
CVSSv3
CVE-2020-26672
Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the database.
Testimonial Rotator Project Testimonial Rotator
5.4
CVSSv3
CVE-2020-8498
XSS exists in the shortcode functionality of the GistPress plugin prior to 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e...
Gistpress Project Gistpress
8.8
CVSSv3
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 2.0.1
Wpeasycart Wp Easycart 1.2.16
Wpeasycart Wp Easycart 1.2.15
Wpeasycart Wp Easycart 1.2.14
Wpeasycart Wp Easycart 1.2.13
Wpeasycart Wp Easycart 1.2.12
Wpeasycart Wp Easycart 1.2.11
Wpeasycart Wp Easycart 1.2.10
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 1.2.5
Wpeasycart Wp Easycart 1.2.4
Wpeasycart Wp Easycart 1.2.3
Wpeasycart Wp Easycart 1.2.2
Wpeasycart Wp Easycart 1.2.1
Wpeasycart Wp Easycart 1.2.0
Wpeasycart Wp Easycart 1.1.36
Wpeasycart Wp Easycart 1.1.35
Wpeasycart Wp Easycart 1.1.34
Wpeasycart Wp Easycart 1.1.33
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 4.0.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.9.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.7.1
Wordpress Wordpress 4.5.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.7.4
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.7.1
Wordpress Wordpress 3.0.4
2 Github repositories
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 1.3.1
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 2.1.1
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 1.1.4
Sunnythemes Spiffy Calendar 1.1.3
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 3.0.5
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 1.1.6
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.6
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 1.2.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 1.0.0
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 1.1.7
NA
CVE-2015-1494
The FancyBox for WordPress plugin prior to 3.0.3 for WordPress does not properly restrict access, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfb...
Colorlib Fancybox
1 EDB exploit
NA
CVE-2014-7228
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 up to and including 2.5.25, 3.x up to and including 3.2.5, and 3.3.0 up to and including 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 up to and including 4.0.2; Backup Professional for WordPress 1.0.b1 up to and includ...
Joomla Joomla! 2.5.19
Joomla Joomla! 2.5.7
Joomla Joomla! 2.5.17
Joomla Joomla! 3.1.4
Joomla Joomla! 3.1.3
Joomla Joomla! 3.3.3
Joomla Joomla! 2.5.25
Joomla Joomla! 3.2.1
Joomla Joomla! 2.5.22
Joomla Joomla! 3.3.4
Joomla Joomla! 2.5.8
Joomla Joomla! 3.1.5
Joomla Joomla! 3.1.1
Joomla Joomla! 3.3.1
Joomla Joomla! 3.2.2
Joomla Joomla! 3.0.2
Joomla Joomla! 2.5.15
Joomla Joomla! 2.5.13
Joomla Joomla! 2.5.11
Joomla Joomla! 2.5.23
Joomla Joomla! 3.0.4
Joomla Joomla! 2.5.21
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »