Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-6220
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated malicious users ...
Piotnet Piotnet Forms
9.8
CVSSv3
CVE-2018-25095
The Duplicator WordPress plugin prior to 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.
Snapcreek Duplicator
1 Github repository
9.8
CVSSv3
CVE-2023-5877
The affiliate-toolkit WordPress plugin prior to 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 pr...
Servit Affiliate-toolkit
9.8
CVSSv3
CVE-2023-51419
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a up to and including 1.11.10.7.
Bertha Bertha Ai
9.8
CVSSv3
CVE-2023-51700
Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. before 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifi...
Jamieblomerus Unofficial Mobile Bankid Integration
9.8
CVSSv3
CVE-2023-5991
The Hotel Booking Lite WordPress plugin prior to 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server
Motopress Hotel Booking Lite
9.8
CVSSv3
CVE-2023-6971
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated malicious users to include remote files on the server, resulting in code execution. ...
Backupbliss Backup Migration
9.8
CVSSv3
CVE-2023-6972
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP ...
Backupbliss Backup Migration
9.8
CVSSv3
CVE-2023-49826
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a up to and including 8.4.1.
Pencidesign Soledad
9.8
CVSSv3
CVE-2023-29384
Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a up to and including 2.0.
Hmplugin Jobwp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »