wordpress wordpress 4.2 vulnerabilities and exploits
9.1
CVSSv3
CVE-2014-10390
The wp-support-plus-responsive-ticket-system plugin prior to 4.2 for WordPress has directory traversal.
Wpsupportplus Wp Support Plus Responsive Ticket System
5.3
CVSSv3
CVE-2014-10388
The wp-support-plus-responsive-ticket-system plugin prior to 4.2 for WordPress has full path disclosure.
Wpsupportplus Wp Support Plus Responsive Ticket System
NA
CVE-2024-32585
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendWP Import Content in WordPress & WooCommerce with Excel allows Reflected XSS. This issue affects Import Content in WordPress & WooCommerce with Excel: from...
8.8
CVSSv3
CVE-2022-1103
The Advanced Uploader WordPress plugin up to and including 4.2 allows any authenticated user, such as a subscriber, to upload arbitrary files, such as PHP, which could lead to RCE.
Advanced Uploader Project Advanced Uploader
6.1
CVSSv3
CVE-2022-0892
The Export All URLs WordPress plugin prior to 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to Reflected Cross-Site Scripting.
Atlasgondal Export All Urls
4.8
CVSSv3
CVE-2022-0737
The Text Hover WordPress plugin prior to 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Text Hover Project Text Hover
4.8
CVSSv3
CVE-2022-1717
The Custom Share Buttons with Floating Sidebar WordPress plugin prior to 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
Wp-experts Custom Share Buttons With Floating Sidebar
4.8
CVSSv3
CVE-2022-2628
The DSGVO All in one for WP WordPress plugin prior to 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in ...
Dsgvo-for-wp Dsgvo All In One For Wp
6.1
CVSSv3
CVE-2023-3169
The tagDiv Composer WordPress plugin prior to 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated...
Tagdiv Tagdiv Composer
4.8
CVSSv3
CVE-2023-3170
The tagDiv Composer WordPress plugin prior to 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltere...
Tagdiv Tagdiv Composer