Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3822
The Base64 Encoder/Decoder WordPress plugin up to and including 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
NA
CVE-2024-3824
The Base64 Encoder/Decoder WordPress plugin up to and including 0.9.2 does not have CSRF check in place when resetting its settings, which could allow malicious users to make a logged in admin reset them via a CSRF attack
NA
CVE-2024-3548
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
NA
CVE-2024-3405
The WP Prayer WordPress plugin up to and including 2.0.9 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
NA
CVE-2024-3406
The WP Prayer WordPress plugin up to and including 2.0.9 does not have CSRF check in place when updating its email settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
NA
CVE-2024-3407
The WP Prayer WordPress plugin up to and including 2.0.9 does not have CSRF checks in some places, which could allow malicious users to make logged in users perform unwanted actions via CSRF attacks
NA
CVE-2024-4208
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and o...
NA
CVE-2024-3189
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps...
NA
CVE-2024-4199
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, wit...
NA
CVE-2024-4734
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »