Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-9532
The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Digital Store -
6.1
CVSSv3
CVE-2015-9533
The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Lattice -
6.1
CVSSv3
CVE-2015-9536
The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Twenty-twelve -
6.1
CVSSv3
CVE-2017-18591
The gd-rating-system plugin prior to 2.1 for WordPress has XSS in log.php.
Gdragon Gd Rating System
6.1
CVSSv3
CVE-2019-7413
In the Parallax Scroll (aka adamrob-parallax-scroll) plugin prior to 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.)
Parallax Scroll Project Parallax Scroll
5.4
CVSSv3
CVE-2023-5639
The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
Themepoints Team Showcase
5.4
CVSSv3
CVE-2023-45067
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions.
Freelancer-coder Wordpress Simple Html Sitemap
5.4
CVSSv3
CVE-2023-4841
The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Smashballoon Feeds For Youtube
5.4
CVSSv3
CVE-2022-1763
Due to missing checks the Static Page eXtended WordPress plugin up to and including 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the la...
Static Page Extended Project Static Page Extended
5.4
CVSSv3
CVE-2021-24476
The Steam Group Viewer WordPress plugin up to and including 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
Steam Group Viewer Project Steam Group Viewer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »