Vulmon
wordpress wordpress 2.0.4 vulnerabilities and exploits
6.5
CVSSv3
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin up to and including 2.0.4 lacks a nonce check when updating its settings, which could allow a malicious user to make a logged-in admin change them via a CSRF attack.
Yotpo Reviews For Woocommerce Project Yotpo Reviews For Woocommerce
1 Github repository
6.1
CVSSv3
CVE-2022-0346
The XML Sitemap Generator for Google WordPress plugin prior to 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
Xmlsitemapgenerator Xml Sitemap Generator
6.1
CVSSv3
CVE-2018-20965
The ultimate-member plugin prior to 2.0.4 for WordPress has XSS.
Ultimatemember Ultimate Member
5.4
CVSSv3
CVE-2022-4512
The Better Font Awesome WordPress plugin prior to 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site ...
Better Font Awesome Project Better Font Awesome
5.4
CVSSv3
CVE-2022-4706
The Genesis Columns Advanced WordPress plugin prior to 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which cou...
Genesis Columns Advanced Project Genesis Columns Advanced
5.4
CVSSv3
CVE-2022-0148
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin prior to 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
Premio Mystickyelements
5.4
CVSSv3
CVE-2021-24883
The Popup Anything WordPress plugin prior to 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Essentialplugin Popup Anything
5.4
CVSSv3
CVE-2021-24478
The Bookshelf WordPress plugin up to and including 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue.
Bookshelf Project Bookshelf
5.4
CVSSv3
CVE-2021-24180
Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin prior to 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of edit...
Never5 Related Posts
5.4
CVSSv3
CVE-2020-20626
lara-google-analytics.php in Lara Google Analytics plugin up to and including 2.0.4 for WordPress allows authenticated stored XSS.
Lara's Google Analytics Project Lara's Google Analytics