Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-36738
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthentic...
Coolplugins Cool Timeline
4.3
CVSSv3
CVE-2023-0554
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated malicious users to update menu ...
Thingsforrestaurants Quick Restaurant Menu
4.3
CVSSv3
CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action i...
Thingsforrestaurants Quick Restaurant Menu
NA
CVE-2023-6969
The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with con...
NA
CVE-2014-8877
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin prior to 2.0.4 for WordPress allows remote malicious users to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by t...
Creative Minds Cm Download Manager 2.0.2
Creative Minds Cm Download Manager
Creative Minds Cm Download Manager 2.0.1
Creative Minds Cm Download Manager 2.0.0
1 EDB exploit
2 Nmap scripts
1 Github repository
NA
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 1.1
Wpdownloadmanager Wordpress Download Manager 1.2
Wpdownloadmanager Wordpress Download Manager 1.2.1
Wpdownloadmanager Wordpress Download Manager 1.2.2
Wpdownloadmanager Wordpress Download Manager 1.2.3
Wpdownloadmanager Wordpress Download Manager 1.2.4
Wpdownloadmanager Wordpress Download Manager 1.2.5
Wpdownloadmanager Wordpress Download Manager 1.3
Wpdownloadmanager Wordpress Download Manager 1.4
Wpdownloadmanager Wordpress Download Manager 1.5
Wpdownloadmanager Wordpress Download Manager 1.5.1
Wpdownloadmanager Wordpress Download Manager 1.5.2
Wpdownloadmanager Wordpress Download Manager 1.5.3
Wpdownloadmanager Wordpress Download Manager 1.5.9
Wpdownloadmanager Wordpress Download Manager 1.5.32
Wpdownloadmanager Wordpress Download Manager 1.5.33
Wpdownloadmanager Wordpress Download Manager 2.0.1
Wpdownloadmanager Wordpress Download Manager 2.0.2
Wpdownloadmanager Wordpress Download Manager 2.0.3
Wpdownloadmanager Wordpress Download Manager 2.0.4
Wpdownloadmanager Wordpress Download Manager 2.0.5
Wpdownloadmanager Wordpress Download Manager 2.0.6
NA
CVE-2014-6312
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin prior to 3.2.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks ...
Login Widget With Shortcode Project Login Widget With Shortcode 1.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.1.3
Login Widget With Shortcode Project Login Widget With Shortcode
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.3
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.4
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.2
1 EDB exploit
NA
CVE-2014-6243
Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin prior to 2.0.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not...
Ewww Image Optimizer Plugin Project Ewww Image Optimizer Plugin
Ewww Image Optimizer Plugin Project Ewww Image Optimizer Plugin 2.0.0
NA
CVE-2014-5337
The WordPress Mobile Pack plugin prior to 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote malicious users to obtain sensitive information via an exportarticles action to export/content.php.
Wordpress Mobile Pack Project Wordpress Mobile Pack 1.2.0
Wordpress Mobile Pack Project Wordpress Mobile Pack
Wpmobilepack Wordpress Mobile Pack 1.0.8223
Wpmobilepack Wordpress Mobile Pack 1.1.1
Wpmobilepack Wordpress Mobile Pack 1.1.2
Wpmobilepack Wordpress Mobile Pack 1.1.3
Wpmobilepack Wordpress Mobile Pack 1.1.9
Wpmobilepack Wordpress Mobile Pack 1.1.91
Wpmobilepack Wordpress Mobile Pack 1.1.92
Wpmobilepack Wordpress Mobile Pack 1.2.1
Wpmobilepack Wordpress Mobile Pack 1.2.3
Wpmobilepack Wordpress Mobile Pack 1.2.4
Wpmobilepack Wordpress Mobile Pack 1.2.5
Wpmobilepack Wordpress Mobile Pack 2.0
NA
CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.11 for WordPress allows remote malicious users to hijack the authentication of arbitrary users.
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »