wordpress wordpress 5.0 vulnerabilities and exploits
NA
CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 up to and including 6.3.1, from 6.2 up to and including 6.2.2, from 6.1 up to and including 6.13, from 6.0 up to and including 6.0.5, from 5.9 up to and including 5.9.7, from 5.8 up to and including ...
Wordpress Wordpress
Fedoraproject Fedora 37
Fedoraproject Fedora 38
4.3
CVSSv2
CVE-2011-4955
Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin prior to 5 alpha 3 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php.
Bsuite Project Bsuite 5.0
Bsuite Project Bsuite
6.8
CVSSv2
CVE-2013-2703
Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin prior to 5.0.5 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that modify this plugin's settings.
Crunchify Facebook Members 5.0
Crunchify Facebook Members 4.7
Crunchify Facebook Members 4.6.1
Crunchify Facebook Members 4.6
Crunchify Facebook Members 4.5.3
Crunchify Facebook Members
Crunchify Facebook Members 5.0.2
Crunchify Facebook Members 5.0.3
Crunchify Facebook Members 5.0.1
4.3
CVSSv2
CVE-2014-7152
Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 up to and including 5.0.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.
Mailchimp Easy Mailchimp Forms Plugin 5.0.6
Mailchimp Easy Mailchimp Forms Plugin 5.0.5
Mailchimp Easy Mailchimp Forms Plugin 5.0.3
Mailchimp Easy Mailchimp Forms Plugin 4.2
Mailchimp Easy Mailchimp Forms Plugin 4.0
Mailchimp Easy Mailchimp Forms Plugin 5.0.1
Mailchimp Easy Mailchimp Forms Plugin 5.0
Mailchimp Easy Mailchimp Forms Plugin 4.4
Mailchimp Easy Mailchimp Forms Plugin 4.3
Mailchimp Easy Mailchimp Forms Plugin 5.0.4
Mailchimp Easy Mailchimp Forms Plugin 5.0.2
Mailchimp Easy Mailchimp Forms Plugin 4.2.1
Mailchimp Easy Mailchimp Forms Plugin 4.1
Mailchimp Easy Mailchimp Forms Plugin 3.0
6.8
CVSSv2
CVE-2013-3258
Cross-site request forgery (CSRF) vulnerability in the Digg Digg plugin prior to 5.3.5 for WordPress allows remote malicious users to hijack the authentication of users for requests that modify settings via unspecified vectors.
Bufferapp Digg Digg 5.2.8
Bufferapp Digg Digg 5.2.7
Bufferapp Digg Digg 5.2
Bufferapp Digg Digg 5.1.2
Bufferapp Digg Digg 5.0
Bufferapp Digg Digg
Bufferapp Digg Digg 5.3.3
Bufferapp Digg Digg 5.2.6
Bufferapp Digg Digg 5.2.5
Bufferapp Digg Digg 5.1.1
Bufferapp Digg Digg 5.1
Bufferapp Digg Digg 5.3.0
Bufferapp Digg Digg 5.2.9
Bufferapp Digg Digg 5.2.2
Bufferapp Digg Digg 5.2.1
Bufferapp Digg Digg 5.0.2
Bufferapp Digg Digg 5.0.1
Bufferapp Digg Digg 5.3.2
Bufferapp Digg Digg 5.3.1
Bufferapp Digg Digg 5.2.4
Bufferapp Digg Digg 5.2.3
Bufferapp Digg Digg 5.0.5
4.3
CVSSv2
CVE-2021-24304
The Newsmag WordPress theme prior to 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
Tagdiv Newsmag
NA
CVE-2022-2594
The Advanced Custom Fields WordPress plugin prior to 5.12.3, Advanced Custom Fields Pro WordPress plugin prior to 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnera...
Advancedcustomfields Advanced Custom Fields
3.5
CVSSv2
CVE-2021-24707
The Learning Courses WordPress plugin prior to 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Nd-learning Project Nd-learning
NA
CVE-2022-1323
The Discy WordPress theme prior to 5.0 lacks authorization checks when processing AJAX requests to the discy_update_options action, allowing any logged-in user (with privileges as low as Subscriber) to change Theme options by sending a crafted POST request.
2code Discy
NA
CVE-2023-4963
The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attribut...
Webshouters Ws Facebook Like Box Widget