Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.0.1 vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-24824
The [field] shortcode included with the Custom Content Shortcode WordPress plugin prior to 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination wi...
Custom Content Shortcode Project Custom Content Shortcode
NA
CVE-2020-36716
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated malicious users to run the setup wizard (if it has not b...
Wpwhitesecurity Wp Activity Log
NA
CVE-2022-2241
The Featured Image from URL (FIFU) WordPress plugin prior to 4.0.1 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and...
Fifu Featured Image From Url
312
VMScore
CVE-2021-24826
The Custom Content Shortcode WordPress plugin prior to 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Ple...
Custom Content Shortcode Project Custom Content Shortcode
NA
CVE-2023-3197
The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL qu...
Inspireui Mstore Api
356
VMScore
CVE-2021-24825
The Custom Content Shortcode WordPress plugin prior to 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well...
Custom Content Shortcode Project Custom Content Shortcode
NA
CVE-2021-4428
A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Hand...
What3words Autosuggest
9 Github repositories
NA
CVE-2023-5504
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated malicious users to store backups in arbitrary folders on the server provided they can be written to by the server. Add...
Inpsyde Backwpup
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
malicious code
camera
CVE-2023-46694
CVE-2023-43847
CVE-2023-30311
CVE-2024-27842
CVE-2024-30165
arbitrary code
CVE-2024-21683
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3