Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0.6 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2019-16522
The eu-cookie-law plugin up to and including 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color...
Eu Cookie Law Project Eu Cookie Law
NA
CVE-2024-2803
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
NA
CVE-2024-2047
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...
NA
CVE-2024-1238
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
NA
CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress prior to 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.0
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
NA
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.0
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
NA
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.0
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
NA
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 3.6.1
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 3.7
Wordpress Wordpress 1.6.2
Wordpress Wordpress 3.5.0
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
NA
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 3.6.1
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 3.7
Wordpress Wordpress 1.6.2
Wordpress Wordpress 3.5.0
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
1 Github repository
NA
CVE-2014-2340
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin prior to 3.1.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
Xcloner Xcloner 3.0.8
Xcloner Xcloner 3.0.1
Xcloner Xcloner 3.0.4
Xcloner Xcloner 2.1
Xcloner Xcloner 3.0
Xcloner Xcloner 3.0.3
Xcloner Xcloner 3.0.5
Xcloner Xcloner 3.0.7
Xcloner Xcloner 2.2.1
Xcloner Xcloner 2.1.2
Xcloner Xcloner
Xcloner Xcloner 3.0.2
Xcloner Xcloner 3.0.6
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »