Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.0 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-29430
Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.
Png To Jpg Project Png To Jpg
6.1
CVSSv3
CVE-2023-3139
The Protect WP Admin WordPress plugin prior to 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
Wp-experts Protect Wp Admin
6.1
CVSSv3
CVE-2021-24335
The Car Repair Services & Auto Mechanic WordPress theme prior to 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
Smartdatasoft Car Repair Services \\& Auto Mechanic
6.5
CVSSv3
CVE-2021-24872
The Get Custom Field Values WordPress plugin prior to 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.
Get Custom Field Values Project Get Custom Field Values
6.1
CVSSv3
CVE-2023-1596
The tagDiv Composer WordPress plugin prior to 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Tagdiv Composer
4.8
CVSSv3
CVE-2022-3835
The Kwayy HTML Sitemap WordPress plugin prior to 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi...
Kwayyinfotech Kwayy Html Sitemap
5.4
CVSSv3
CVE-2022-4458
The amr shortcode any widget WordPress plugin up to and including 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks wh...
Amr Shortcode Any Widget Project Amr Shortcode Any Widget
NA
CVE-2024-2304
The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. ...
6.4
CVSSv3
CVE-2024-5224
The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardoza_facebook_like_box' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization a...
6.1
CVSSv3
CVE-2021-24294
The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin prior to 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard (wp-admin/admin.php?page=dsgvoaiofree-show-log). This cou...
Mlfactory Dsgvo All In One For Wp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »