Vulmon
wordpress wordpress 4.0 vulnerabilities and exploits
VMScore: 383
CVE-2014-9032
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress 3.9.x prior to 3.9.3 and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.2
VMScore: 383
CVE-2014-7152
Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 up to and including 5.0.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.
Mailchimp Easy Mailchimp Forms Plugin 5.0.6
Mailchimp Easy Mailchimp Forms Plugin 5.0.5
Mailchimp Easy Mailchimp Forms Plugin 5.0.3
Mailchimp Easy Mailchimp Forms Plugin 4.2
Mailchimp Easy Mailchimp Forms Plugin 4.0
Mailchimp Easy Mailchimp Forms Plugin 5.0.1
Mailchimp Easy Mailchimp Forms Plugin 5.0
Mailchimp Easy Mailchimp Forms Plugin 4.4
Mailchimp Easy Mailchimp Forms Plugin 4.3
Mailchimp Easy Mailchimp Forms Plugin 5.0.4
Mailchimp Easy Mailchimp Forms Plugin 5.0.2
Mailchimp Easy Mailchimp Forms Plugin 4.2.1
Mailchimp Easy Mailchimp Forms Plugin 4.1
Mailchimp Easy Mailchimp Forms Plugin 3.0
VMScore: 383
CVE-2011-3854
Cross-site scripting (XSS) vulnerability in the ZenLite theme prior to 4.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Quirm Zenlite
Quirm Zenlite 1.0
Quirm Zenlite 1.1
Quirm Zenlite 1.2
Quirm Zenlite 1.3
Quirm Zenlite 2.0
Quirm Zenlite 2.1
Quirm Zenlite 2.2
Quirm Zenlite 2.4
Quirm Zenlite 2.5
Quirm Zenlite 2.6
Quirm Zenlite 2.7
Quirm Zenlite 3.0
Quirm Zenlite 3.1
Quirm Zenlite 3.2
Quirm Zenlite 3.3
Quirm Zenlite 3.4
Quirm Zenlite 3.5
Quirm Zenlite 3.51
Quirm Zenlite 3.52
Quirm Zenlite 3.60
Quirm Zenlite 3.61
VMScore: 356
CVE-2021-24872
The Get Custom Field Values WordPress plugin prior to 4.0 allows users with a role as low as Contributor to access other posts' metadata without validating permissions. For example, contributors can access admin posts' metadata.
Get Custom Field Values Project Get Custom Field Values
NA
CVE-2024-5224
The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardoza_facebook_like_box' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization a...
NA
CVE-2024-2304
The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. ...
NA
CVE-2023-5467
The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers w...
Geomywp Geo My Wordpress
NA
CVE-2023-3139
The Protect WP Admin WordPress plugin prior to 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
Wp-experts Protect Wp Admin
NA
CVE-2023-1596
The tagDiv Composer WordPress plugin prior to 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Tagdiv Composer
NA
CVE-2022-4458
The amr shortcode any widget WordPress plugin up to and including 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks wh...
Amr Shortcode Any Widget Project Amr Shortcode Any Widget