Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.9.1 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2010-0682
WordPress 2.9 prior to 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
1 EDB exploit
3.5
CVSSv2
CVE-2012-4422
wp-admin/plugins.php in WordPress prior to 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin ...
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.1
Wordpress Wordpress 2.6.5
Wordpress Wordpress 2.8.3
Wordpress Wordpress 2.8.1
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.8
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.8.5
2.1
CVSSv2
CVE-2010-5297
WordPress prior to 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances ...
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.1
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.6.1
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.6.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.9.1.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.6.5
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.8.5
NA
CVE-2024-2458
The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attribut...
NA
CVE-2024-1962
The CM Download Manager WordPress plugin prior to 2.9.1 does not have CSRF checks in some places, which could allow malicious users to make logged in admins edit downloads via a CSRF attack
NA
CVE-2022-3823
The Beautiful Cookie Consent Banner WordPress plugin prior to 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e...
Beautiful-cookie-banner Beautiful Cookie Consent Banner
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5