Vulmon
wordpress wordpress vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-1061
The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function.
Bplugins Html5 Video Player
9.8
CVSSv3
CVE-2022-40700
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP &nda...
Millionclues Admin Css Mu
Deano Amp Toolbox
Unihost Confirm Data
Agence-press Css Adder
Millionclues Custom Login Admin Front-end Css
Montonio Montonio For Woocommerce
Frumph Phpfreechat
Designmodo Qards
Paulclark Styles
Squidesma Theme Minifier
Longwatchstudio Woosupply
Longwatchstudio Woovip
Longwatchstudio Woovirtualwallet
Arcstone Amo For Wp - Membership Management
Wpopal Wpopal Core Features
9.8
CVSSv3
CVE-2021-4434
The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows malicious users to execute code on the server.
Warfareplugins Social Warfare
9.8
CVSSv3
CVE-2022-1609
The School Management WordPress plugin prior to 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated malicious user to execute arbitrary PHP code on the site.
Weblizar School Management
4 Github repositories
9.8
CVSSv3
CVE-2023-0224
The GiveWP WordPress plugin prior to 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks.
Givewp Givewp
9.8
CVSSv3
CVE-2023-3211
The WordPress Database Administrator WordPress plugin up to and including 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Dmparekh Wordpress Database Administrator
9.8
CVSSv3
CVE-2023-6049
The Estatik Real Estate Plugin WordPress plugin prior to 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog.
Estatik Estatik
9.8
CVSSv3
CVE-2023-6623
The Essential Blocks WordPress plugin prior to 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
Wpdeveloper Essential Blocks
9.8
CVSSv3
CVE-2023-6875
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, ...
Wpexperts Post Smtp Mailer
2 Github repositories
9.8
CVSSv3
CVE-2023-6220
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated malicious users ...
Piotnet Piotnet Forms