Vulmon
wordpress wordpress 2.1 vulnerabilities and exploits
7.2
CVSSv3
CVE-2022-29447
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.
Wow-company Hover Effects
4.8
CVSSv3
CVE-2022-0874
The WP Social Buttons WordPress plugin up to and including 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Wp-experts Wp Social Buttons
4.8
CVSSv3
CVE-2022-0674
The Kunze Law WordPress plugin prior to 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Kunze-medien Kunze Law
8.8
CVSSv3
CVE-2021-25054
The WPcalc WordPress plugin up to and including 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.
Wow-company Wpcalc
4.3
CVSSv3
CVE-2021-24776
The WP Performance Score Booster WordPress plugin prior to 2.1 does not have CSRF check when saving its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack.
Wp Performance Score Booster Project Wp Performance Score Booster
5.4
CVSSv3
CVE-2021-24476
The Steam Group Viewer WordPress plugin up to and including 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue.
Steam Group Viewer Project Steam Group Viewer
6.1
CVSSv3
CVE-2021-24297
The Goto WordPress theme prior to 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
Boostifythemes Goto
9.8
CVSSv3
CVE-2021-24314
The Goto WordPress theme prior to 2.1 did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue.
Boostifythemes Goto
6.1
CVSSv3
CVE-2020-15537
An issue exists in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
Vanguard Project Vanguard 2.1
6.1
CVSSv3
CVE-2015-9507
The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Attach Accounts To Orders -