Vulmon
wordpress wordpress 4.2 vulnerabilities and exploits
570
VMScore
CVE-2014-10390
The wp-support-plus-responsive-ticket-system plugin prior to 4.2 for WordPress has directory traversal.
Wpsupportplus Wp Support Plus Responsive Ticket System
445
VMScore
CVE-2014-10388
The wp-support-plus-responsive-ticket-system plugin prior to 4.2 for WordPress has full path disclosure.
Wpsupportplus Wp Support Plus Responsive Ticket System
NA
CVE-2024-32585
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendWP Import Content in WordPress & WooCommerce with Excel allows Reflected XSS. This issue affects Import Content in WordPress & WooCommerce with Excel: from...
578
VMScore
CVE-2022-1103
The Advanced Uploader WordPress plugin up to and including 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE
Advanced Uploader Project Advanced Uploader
383
VMScore
CVE-2022-0892
The Export All URLs WordPress plugin prior to 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Atlasgondal Export All Urls
312
VMScore
CVE-2022-0737
The Text Hover WordPress plugin prior to 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Text Hover Project Text Hover
312
VMScore
CVE-2022-1717
The Custom Share Buttons with Floating Sidebar WordPress plugin prior to 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
Wp-experts Custom Share Buttons With Floating Sidebar
NA
CVE-2022-2628
The DSGVO All in one for WP WordPress plugin prior to 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in ...
Dsgvo-for-wp Dsgvo All In One For Wp
NA
CVE-2023-3169
The tagDiv Composer WordPress plugin prior to 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated...
Tagdiv Tagdiv Composer
NA
CVE-2023-3170
The tagDiv Composer WordPress plugin prior to 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltere...
Tagdiv Tagdiv Composer