wordpress wordpress 3.2.1 vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-1904
The Pricing Tables WordPress Plugin WordPress plugin prior to 3.2.1 does not sanitise and escape a parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scri...
Fatcatapps Easy Pricing Tables
6.5
CVSSv3
CVE-2022-2091
The Cache Images WordPress plugin prior to 3.2.1 does not implement nonce checks, which could allow malicious users to make any logged user upload images via a CSRF attack.
Cache Images Project Cache Images
4.8
CVSSv3
CVE-2022-0840
The Easy Social Icons WordPress plugin prior to 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary JavaScript even when the unfiltered_html capability is disallowed.
Cybernetikz Easy Social Icons
6.5
CVSSv3
CVE-2023-2623
The KiviCare WordPress plugin prior to 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users.
Iqonic Kivicare
7.2
CVSSv3
CVE-2021-24483
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin prior to 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in ...
Ays-pro Poll Maker
8.8
CVSSv3
CVE-2019-14216
An issue exists in the svg-vector-icon-plugin (aka WP SVG Icons) plugin up to and including 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
Wp Svg Icons Project Wp Svg Icons
4.3
CVSSv3
CVE-2023-2627
The KiviCare WordPress plugin prior to 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update pl...
Iqonic Kivicare
8.8
CVSSv3
CVE-2021-24804
The Simple JWT Login WordPress plugin prior to 3.2.1 does not have nonce checks when saving its settings, allowing malicious users to make a logged in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which c...
Simple Jwt Login Project Simple Jwt Login
8.8
CVSSv3
CVE-2023-2628
The KiviCare WordPress plugin prior to 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow malicious users to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete ...
Iqonic Kivicare
5.3
CVSSv3
CVE-2023-0085
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthen...
Wpmet Metform Elementor Contact Form Builder