wordpress wordpress 4.0.2 vulnerabilities and exploits
6.5
CVSSv3
CVE-2021-39351
The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows malicious users to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2.
Wp Bannerize Project Wp Bannerize
4.3
CVSSv3
CVE-2019-25143
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated malicious users to re...
Mooveagency Gdpr Cookie Compliance
4.3
CVSSv3
CVE-2021-24825
The Custom Content Shortcode WordPress plugin prior to 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well...
Custom Content Shortcode Project Custom Content Shortcode
5.4
CVSSv3
CVE-2023-0069
The WPaudio MP3 Player WordPress plugin up to and including 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored C...
Wpaudio Mp3 Player Project Wpaudio Mp3 Player
5.4
CVSSv3
CVE-2023-0273
The Custom Content Shortcode WordPress plugin up to and including 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform St...
Custom Content Shortcode Project Custom Content Shortcode
8.8
CVSSv3
CVE-2020-13641
An issue exists in the Real-Time Find and Replace plugin prior to 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious Jav...
Infolific Real-time Find And Replace
NA
CVE-2023-5775
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated att...
8.8
CVSSv3
CVE-2023-2237
The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it poss...
Yudiz Wp Replicate Post
NA
CVE-2023-6494
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
8.8
CVSSv3
CVE-2023-0340
The Custom Content Shortcode WordPress plugin up to and including 4.0.2 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non-PHP files ...
Custom Content Shortcode Project Custom Content Shortcode