wordpress wordpress 3.7 vulnerabilities and exploits
NA
CVE-2023-4631
The DoLogin Security WordPress plugin prior to 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
Wpdo5ea Dologin Security
1 Github repository
NA
CVE-2023-4549
The DoLogin Security WordPress plugin prior to 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by malicious users to conduct Stored XSS attacks via WordPress' login form.
Wpdo5ea Dologin Security
1 Github repository
NA
CVE-2023-2078
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3....
Buymeacoffee Buy Me A Coffee
NA
CVE-2023-2079
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This ...
Buymeacoffee Buy Me A Coffee
NA
CVE-2023-2578
The Buy Me a Coffee WordPress plugin prior to 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisit...
Buymeacoffee Buy Me A Coffee
NA
CVE-2023-25972
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress Старт plugin <= 3.7 versions.
Iksweb Wordpress Ctapt
NA
CVE-2022-43497
Cross-site scripting vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Wordpress Wordpress
NA
CVE-2022-43504
Improper authentication vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all ve...
Wordpress Wordpress
NA
CVE-2022-43500
Cross-site scripting vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Wordpress Wordpress