Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0.6 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-16522
The eu-cookie-law plugin up to and including 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color...
Eu Cookie Law Project Eu Cookie Law
383
VMScore
CVE-2013-6342
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin prior to 4.0.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
Tweet-blender Tweet-blender
Tweet-blender Tweet-blender 4.0.0
Tweet-blender Tweet-blender 3.3.15
Tweet-blender Tweet-blender 3.3.14
Tweet-blender Tweet-blender 3.3.0
Tweet-blender Tweet-blender 3.2.4
Tweet-blender Tweet-blender 3.2.3
Tweet-blender Tweet-blender 3.2.2
Tweet-blender Tweet-blender 3.1.8
Tweet-blender Tweet-blender 3.1.7
Tweet-blender Tweet-blender 3.1.6
Tweet-blender Tweet-blender 3.1.5
Tweet-blender Tweet-blender 3.1.4
Tweet-blender Tweet-blender 3.0.0
Tweet-blender Tweet-blender 2.4.7
Tweet-blender Tweet-blender 2.4.6
Tweet-blender Tweet-blender 2.4.5
Tweet-blender Tweet-blender 2.0.4
Tweet-blender Tweet-blender 2.0.3
Tweet-blender Tweet-blender 2.0.2
Tweet-blender Tweet-blender 2.0.1
Tweet-blender Tweet-blender 3.3.9
445
VMScore
CVE-2019-17230
includes/theme-functions.php in the OneTone theme up to and including 3.0.6 for WordPress allows unauthenticated options changes.
Mageewp Onetone
383
VMScore
CVE-2019-17231
includes/theme-functions.php in the OneTone theme up to and including 3.0.6 for WordPress has multiple stored XSS issues.
Mageewp Onetone
312
VMScore
CVE-2021-24888
The ImageBoss WordPress plugin prior to 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks
Imageboss Imageboss
231
VMScore
CVE-2021-24976
The Smart SEO Tool WordPress plugin prior to 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
Wbolt Smart Seo Tool
445
VMScore
CVE-2022-0140
The Visual Form Builder WordPress plugin prior to 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.
Vfbpro Visual Form Builder
NA
CVE-2023-3992
The PostX WordPress plugin prior to 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Wpxpo Postx
383
VMScore
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 3.0.0
Sunnythemes Spiffy Calendar 2.1.3
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 1.1.2
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 3.0.3
Sunnythemes Spiffy Calendar 2.1.0
Sunnythemes Spiffy Calendar 2.0.1
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 2.0.0
Sunnythemes Spiffy Calendar 1.0.3
Sunnythemes Spiffy Calendar 1.0.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.0.1
312
VMScore
CVE-2022-0450
The Menu Image, Icons made easy WordPress plugin prior to 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary men...
Freshlightlab Menu Image\\, Icons Made Easy
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »