Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
Zen Mobile App Native Project Zen Mobile App Native
1 EDB exploit
7.4
CVSSv3
CVE-2024-5091
The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attribut...
6.5
CVSSv3
CVE-2024-4194
The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_s...
6.5
CVSSv3
CVE-2023-0824
The User registration & user profile WordPress plugin up to and including 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make logged-in admin add Stored XSS payloads via a CSRF attack.
Wpuserplus Userplus
6.4
CVSSv3
CVE-2024-3726
The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attri...
6.1
CVSSv3
CVE-2012-10013
A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiate...
Kau-boys Backend Localization
6.1
CVSSv3
CVE-2012-10014
A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_lo...
Kau-boys Backend Localization
6.1
CVSSv3
CVE-2022-1470
The Ultimate WooCommerce CSV Importer WordPress plugin up to and including 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Ultimate Woocommerce Csv Importer Project Ultimate Woocommerce Csv Importer
6.1
CVSSv3
CVE-2021-38353
The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.0.
Webodid Dropdown And Scrollable Text
6.1
CVSSv3
CVE-2021-24305
The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the 'weeWzKey' parameter that will be save as the ...
Targetfirst Watcheezy 2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »