Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.9 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-24610
The TranslatePress WordPress plugin prior to 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which cou...
Cozmoslabs Translatepress
1 Github repository
1000
VMScore
CVE-2012-3576
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin prior to 2.5.30 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads...
Jquindlen Wpstorecart 2.5.24
Jquindlen Wpstorecart 2.5.23
Jquindlen Wpstorecart 2.5.15
Jquindlen Wpstorecart 2.5.14
Jquindlen Wpstorecart 2.5.7
Jquindlen Wpstorecart 2.5.5
Jquindlen Wpstorecart 2.4.14
Jquindlen Wpstorecart 2.4.13
Jquindlen Wpstorecart 2.4.5
Jquindlen Wpstorecart 2.4.4
Jquindlen Wpstorecart 2.3.15
Jquindlen Wpstorecart 2.3.14
Jquindlen Wpstorecart 2.3.7
Jquindlen Wpstorecart 2.3.6
Jquindlen Wpstorecart 2.2.8
Jquindlen Wpstorecart 2.2.7
Jquindlen Wpstorecart 2.2.0
Jquindlen Wpstorecart 2.1.8
Jquindlen Wpstorecart 2.1.1
Jquindlen Wpstorecart 2.1.0
Jquindlen Wpstorecart 2.0.6
Jquindlen Wpstorecart 2.0.5
1 EDB exploit
755
VMScore
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.6.1
Mailpoet Mailpoet Newsletters 2.5.1
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.8
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1.6
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 2.5.2
Mailpoet Mailpoet Newsletters 2.4.2
Mailpoet Mailpoet Newsletters 2.4
1 EDB exploit
383
VMScore
CVE-2014-3841
Cross-site scripting (XSS) vulnerability in the Contact Bank plugin prior to 2.0.20 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third pa...
Tech-banker Contact Bank 2.0.16
Tech-banker Contact Bank 2.0.14
Tech-banker Contact Bank 2.0.7
Tech-banker Contact Bank
Tech-banker Contact Bank 2.0.18
Tech-banker Contact Bank 2.0.4
Tech-banker Contact Bank 2.0.3
Tech-banker Contact Bank 2.0.2
Tech-banker Contact Bank 2.0.1
Tech-banker Contact Bank 2.0.12
Tech-banker Contact Bank 2.0.11
Tech-banker Contact Bank 2.0.10
Tech-banker Contact Bank 2.0.9
Tech-banker Contact Bank 2.0.17
Tech-banker Contact Bank 2.0.15
Tech-banker Contact Bank 2.0.13
Tech-banker Contact Bank 2.0.8
Tech-banker Contact Bank 2.0.6
Tech-banker Contact Bank 2.0.5
Tech-banker Contact Bank 2.0.0
NA
CVE-2022-40192
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
Gvectors Wpforo Forum
NA
CVE-2022-40200
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
Gvectors Wpforo Forum
383
VMScore
CVE-2013-6280
Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin prior to 2.1.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Linksalpha Social Sharing Toolkit Plugin
Linksalpha Social Sharing Toolkit Plugin 1.3.1
Linksalpha Social Sharing Toolkit Plugin 1.3.0
Linksalpha Social Sharing Toolkit Plugin 1.2.5
Linksalpha Social Sharing Toolkit Plugin 1.2.0
Linksalpha Social Sharing Toolkit Plugin 1.0.1
Linksalpha Social Sharing Toolkit Plugin 2.0.6
Linksalpha Social Sharing Toolkit Plugin 2.0.5
Linksalpha Social Sharing Toolkit Plugin 2.0.4
Linksalpha Social Sharing Toolkit Plugin 2.0.3
Linksalpha Social Sharing Toolkit Plugin 2.0.9
Linksalpha Social Sharing Toolkit Plugin 2.0.7
Linksalpha Social Sharing Toolkit Plugin 2.0.2
Linksalpha Social Sharing Toolkit Plugin 2.0.0
Linksalpha Social Sharing Toolkit Plugin 1.0.0
Linksalpha Social Sharing Toolkit Plugin 2.1.0
Linksalpha Social Sharing Toolkit Plugin 2.0.8
Linksalpha Social Sharing Toolkit Plugin 2.0.1
Linksalpha Social Sharing Toolkit Plugin 1.3.2
NA
CVE-2022-37342
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress.
Add Shortcodes Actions And Filters Project Add Shortcodes Actions And Filters
NA
CVE-2023-0487
The My Sticky Elements WordPress plugin prior to 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin
Premio My Sticky Elements
668
VMScore
CVE-2015-7517
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin prior to 2.0.9 for WordPress allow remote malicious users to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes...
Labwebdesigns Double Opt-in For Download
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »