Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog project vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-24549
The AceIDE WordPress plugin up to and including 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to acce...
Aceide Project Aceide
NA
CVE-2023-2101
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. Th...
Mogublog Project Mogublog
4.3
CVSSv2
CVE-2022-1793
The Private Files WordPress plugin up to and including 0.40 is missing CSRF check when disabling the protection, which could allow malicious users to make a logged in admin perform such action via a CSRF attack and make the blog public
Private Files Project Private Files 0.40
NA
CVE-2022-2276
The WP Edit Menu WordPress plugin prior to 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated malicious users to delete arbitrary posts/pages from the blog
Wp Edit Menu Project Wp Edit Menu
4
CVSSv2
CVE-2022-1203
The Content Mask WordPress plugin prior to 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify a...
Content Mask Project Content Mask
1 Github repository
4.3
CVSSv2
CVE-2020-36504
The WP-Pro-Quiz WordPress plugin up to and including 0.37 does not have CSRF check in place when deleting a quiz, which could allow an malicious user to make a logged in admin delete arbitrary quiz on the blog
Wp-pro-quiz Project Wp-pro-quiz
NA
CVE-2022-2275
The WP Edit Menu WordPress plugin prior to 1.5.0 does not have CSRF in an AJAX action, which could allow malicious users to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack
Wp Edit Menu Project Wp Edit Menu
5
CVSSv2
CVE-2022-0214
The Custom Popup Builder WordPress plugin prior to 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog
Custom Popup Builder Project Custom Popup Builder
4.3
CVSSv2
CVE-2020-36505
The Delete All Comments Easily WordPress plugin up to and including 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.
Delete All Comments Easily Project Delete All Comments Easily
NA
CVE-2022-4354
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. T...
Pb-cms Project Pb-cms 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »