Vulmon
wordpress wordpress 2.0 vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-1470
The Ultimate WooCommerce CSV Importer WordPress plugin up to and including 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Ultimate Woocommerce Csv Importer Project Ultimate Woocommerce Csv Importer
5.4
CVSSv3
CVE-2022-27859
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress.
Nicdark Nd-travel
8.8
CVSSv3
CVE-2022-1918
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated malicious users to update the plugi...
Toolbar To Share Project Toolbar To Share
4.8
CVSSv3
CVE-2022-1294
The IMDB info box WordPress plugin up to and including 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
99webtools Imdb Info Box
9.8
CVSSv3
CVE-2022-0783
The Multiple Shipping Address Woocommerce WordPress plugin prior to 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections
Themehigh Multiple Shipping Addresses For Woocommerce
8.8
CVSSv3
CVE-2022-0215
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.p...
Xootix Waitlist Woocommerce
Xootix Side Cart Woocommerce
Xootix Login/signup Popup
6.1
CVSSv3
CVE-2021-38353
The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.0.
Webodid Dropdown And Scrollable Text
6.1
CVSSv3
CVE-2021-24305
The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the 'weeWzKey' parameter that will be save as the ...
Targetfirst Watcheezy 2.0
6.1
CVSSv3
CVE-2021-24235
The Goto WordPress theme prior to 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
Boostifythemes Goto
6.1
CVSSv3
CVE-2019-20141
An XSS issue exists in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
Laborator Neon 2.0