Vulmon
wordpress wordpress 5.0 vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 up to and including 6.3.1, from 6.2 up to and including 6.2.2, from 6.1 up to and including 6.13, from 6.0 up to and including 6.0.5, from 5.9 up to and including 5.9.7, from 5.8 up to and including ...
Wordpress Wordpress
Fedoraproject Fedora 37
Fedoraproject Fedora 38
6.1
CVSSv3
CVE-2011-4955
Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin prior to 5 alpha 3 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php.
Bsuite Project Bsuite 5.0
Bsuite Project Bsuite
NA
CVE-2013-2703
Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin prior to 5.0.5 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that modify this plugin's settings.
Crunchify Facebook Members 5.0
Crunchify Facebook Members 4.7
Crunchify Facebook Members 4.6.1
Crunchify Facebook Members 4.6
Crunchify Facebook Members 4.5.3
Crunchify Facebook Members
Crunchify Facebook Members 5.0.2
Crunchify Facebook Members 5.0.3
Crunchify Facebook Members 5.0.1
NA
CVE-2014-7152
Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 up to and including 5.0.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.
Mailchimp Easy Mailchimp Forms Plugin 5.0.6
Mailchimp Easy Mailchimp Forms Plugin 5.0.5
Mailchimp Easy Mailchimp Forms Plugin 5.0.3
Mailchimp Easy Mailchimp Forms Plugin 4.2
Mailchimp Easy Mailchimp Forms Plugin 4.0
Mailchimp Easy Mailchimp Forms Plugin 5.0.1
Mailchimp Easy Mailchimp Forms Plugin 5.0
Mailchimp Easy Mailchimp Forms Plugin 4.4
Mailchimp Easy Mailchimp Forms Plugin 4.3
Mailchimp Easy Mailchimp Forms Plugin 5.0.4
Mailchimp Easy Mailchimp Forms Plugin 5.0.2
Mailchimp Easy Mailchimp Forms Plugin 4.2.1
Mailchimp Easy Mailchimp Forms Plugin 4.1
Mailchimp Easy Mailchimp Forms Plugin 3.0
NA
CVE-2013-3258
Cross-site request forgery (CSRF) vulnerability in the Digg Digg plugin prior to 5.3.5 for WordPress allows remote malicious users to hijack the authentication of users for requests that modify settings via unspecified vectors.
Bufferapp Digg Digg 5.2.8
Bufferapp Digg Digg 5.2.7
Bufferapp Digg Digg 5.2
Bufferapp Digg Digg 5.1.2
Bufferapp Digg Digg 5.0
Bufferapp Digg Digg
Bufferapp Digg Digg 5.3.3
Bufferapp Digg Digg 5.2.6
Bufferapp Digg Digg 5.2.5
Bufferapp Digg Digg 5.1.1
Bufferapp Digg Digg 5.1
Bufferapp Digg Digg 5.3.0
Bufferapp Digg Digg 5.2.9
Bufferapp Digg Digg 5.2.2
Bufferapp Digg Digg 5.2.1
Bufferapp Digg Digg 5.0.2
Bufferapp Digg Digg 5.0.1
Bufferapp Digg Digg 5.3.2
Bufferapp Digg Digg 5.3.1
Bufferapp Digg Digg 5.2.4
Bufferapp Digg Digg 5.2.3
Bufferapp Digg Digg 5.0.5
6.1
CVSSv3
CVE-2021-24304
The Newsmag WordPress theme prior to 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
Tagdiv Newsmag
8.8
CVSSv3
CVE-2022-2594
The Advanced Custom Fields WordPress plugin prior to 5.12.3, Advanced Custom Fields Pro WordPress plugin prior to 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnera...
Advancedcustomfields Advanced Custom Fields
4.8
CVSSv3
CVE-2021-24707
The Learning Courses WordPress plugin prior to 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Nd-learning Project Nd-learning
6.5
CVSSv3
CVE-2022-1323
The Discy WordPress theme prior to 5.0 lacks authorization checks when processing AJAX requests to the discy_update_options action, allowing any logged-in user (with privileges as low as Subscriber) to change Theme options by sending a crafted POST request.
2code Discy
5.4
CVSSv3
CVE-2023-4963
The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attribut...
Webshouters Ws Facebook Like Box Widget