Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-8710
A remote code execution issue exists in the WooCommerce Products Filter (aka WOOF) plugin prior to 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any aut...
Woocommerce-filter Woocommerce Products Filter
7.2
CVSSv3
CVE-2023-2493
The All In One Redirection WordPress plugin prior to 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Vsourz All In One Redirection
7.2
CVSSv3
CVE-2022-3856
The Comic Book Management System WordPress plugin prior to 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Inksplat Comic Book Management System
5.4
CVSSv3
CVE-2021-24258
The Elements Kit Lite and Elements Kit Pro WordPress Plugins prior to 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
6.1
CVSSv3
CVE-2023-3292
The grid-kit-premium WordPress plugin prior to 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Wpsofts Portfolio Gallery\\, Product Catalog - Grid Kit Portfolio
6.5
CVSSv3
CVE-2022-1761
The Peter’s Collaboration E-mails WordPress plugin up to and including 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.
Peter\\'s Collaboration E-mails Project Peter\\'s Collaboration E-mails
NA
CVE-2012-4033
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin prior to 2.4.0 for WordPress have unknown impact and attack vectors.
Zingiri Zingiri Web Shop 2.3.4
Zingiri Zingiri Web Shop 2.3.3
Zingiri Zingiri Web Shop 2.2.1
Zingiri Zingiri Web Shop 2.2.0
Zingiri Zingiri Web Shop 2.0.2
Zingiri Zingiri Web Shop 2.0.1
Zingiri Zingiri Web Shop 1.6.1
Zingiri Zingiri Web Shop 1.6.0
Zingiri Zingiri Web Shop 1.5.3
Zingiri Zingiri Web Shop 1.5.2
Zingiri Zingiri Web Shop 1.4.3
Zingiri Zingiri Web Shop 1.4.2
Zingiri Zingiri Web Shop 1.3.3
Zingiri Zingiri Web Shop 1.3.2
Zingiri Zingiri Web Shop 1.2.6
Zingiri Zingiri Web Shop 1.2.5
Zingiri Zingiri Web Shop 1.0.4
Zingiri Zingiri Web Shop 1.0.3
Zingiri Zingiri Web Shop 2.3.2
Zingiri Zingiri Web Shop 2.3.1
Zingiri Zingiri Web Shop 2.1.3
Zingiri Zingiri Web Shop 2.1.2
4.8
CVSSv3
CVE-2023-3645
The Contact Form Builder by Bit Form WordPress plugin prior to 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...
Bitapps Contact Form Builder
5.4
CVSSv3
CVE-2023-4823
The WP Meta and Date Remover WordPress plugin prior to 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as...
Prasadkirpekar Wp Meta And Date Remover
5.4
CVSSv3
CVE-2022-4487
The Easy Accordion WordPress plugin prior to 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used a...
Techearty Easy Accordion
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »