Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.4 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-0585
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ultimatemember Ultimate Member
5.3
CVSSv3
CVE-2023-6963
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated malicious users to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-...
Motopress Getwid - Gutenberg Blocks
4.8
CVSSv3
CVE-2022-3836
The Seed Social WordPress plugin prior to 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite ...
Seedwebs Seed Social
4.8
CVSSv3
CVE-2022-3610
The Jeeng Push Notifications WordPress plugin prior to 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example ...
Jeeng Push Notifications Project Jeeng Push Notifications
4.8
CVSSv3
CVE-2021-36848
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4
Sharethis Social Media Feather
4.8
CVSSv3
CVE-2021-24482
The Related Posts for WordPress plugin up to and including 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.
Never5 Related Posts
4.3
CVSSv3
CVE-2022-23981
The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4).
Quadlayers Perfect Brands For Woocommerce
4.3
CVSSv3
CVE-2021-24355
In the Simple 301 Redirects by BetterLinks WordPress plugin prior to 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to ret...
Wpdeveloper Simple 301 Redirects
4.3
CVSSv3
CVE-2018-0587
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
Ultimatemember User Profile \\& Membership
4.3
CVSSv3
CVE-2018-0586
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated malicious users to read arbitrary files via unspecified vectors.
Ultimatemember User Profile \\& Membership
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »