Vulmon
wordpress wordpress 2.1 vulnerabilities and exploits
4.3
CVSSv2
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin prior to 2.1 does not perform CSRF checks on updates to its admin page, allowing a malicious user to trick a logged-in user into manipulating ads and injecting arbitrary JavaScript by submitting a form.
Tipsandtricks-hq Wp Simple Adsense Insertion
4
CVSSv2
CVE-2022-29447
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.
Wow-company Hover Effects
3.5
CVSSv2
CVE-2022-0874
The WP Social Buttons WordPress plugin up to and including 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Wp-experts Wp Social Buttons
3.5
CVSSv2
CVE-2022-0674
The Kunze Law WordPress plugin prior to 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Kunze-medien Kunze Law
6.5
CVSSv2
CVE-2021-25054
The WPcalc WordPress plugin up to and including 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.
Wow-company Wpcalc
4.3
CVSSv2
CVE-2021-24776
The WP Performance Score Booster WordPress plugin prior to 2.1 does not have a CSRF check when saving its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack.
Wp Performance Score Booster Project Wp Performance Score Booster
3.5
CVSSv2
CVE-2021-24476
The Steam Group Viewer WordPress plugin up to and including 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting them in the page, leading to an authenticated Stored Cross-Site Scripting issue.
Steam Group Viewer Project Steam Group Viewer
4.3
CVSSv2
CVE-2021-24297
The Goto WordPress theme prior to 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
Boostifythemes Goto
7.5
CVSSv2
CVE-2021-24314
The Goto WordPress theme prior to 2.1 did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an unauthenticated SQL injection issue.
Boostifythemes Goto
4.3
CVSSv2
CVE-2020-15537
An issue exists in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
Vanguard Project Vanguard 2.1