Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-4388
The EventON WordPress plugin prior to 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Myeventon Eventon
4.8
CVSSv3
CVE-2023-23734
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions.
Userlike Userlike
4.8
CVSSv3
CVE-2022-4198
The WP Social Sharing WordPress plugin up to and including 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exampl...
Wp Social Sharing Project Wp Social Sharing
NA
CVE-2012-6692
Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin prior to 2.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the post_title parameter to wp-admin/post-new.php, which is not properly handl...
Yoast Wordpress Seo
NA
CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.11 for WordPress allows remote malicious users to hijack the authentication of arbitrary users.
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
NA
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
Mailpoet Mailpoet Newsletters 2.0.5
1 EDB exploit
NA
CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.8 for WordPress has unspecified impact and attack vectors.
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
NA
CVE-2014-4717
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin prior to 4.5 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba...
Sharethis Simple Share Buttons Adder 2.2
Sharethis Simple Share Buttons Adder 2.0
Sharethis Simple Share Buttons Adder 1.0
Sharethis Simple Share Buttons Adder 3.2
Sharethis Simple Share Buttons Adder 3.9
Sharethis Simple Share Buttons Adder 3.8
Sharethis Simple Share Buttons Adder 1.5
Sharethis Simple Share Buttons Adder 2.3
Sharethis Simple Share Buttons Adder 1.1
Sharethis Simple Share Buttons Adder 3.0
Sharethis Simple Share Buttons Adder 2.4
Sharethis Simple Share Buttons Adder 3.5
Sharethis Simple Share Buttons Adder 2.8
Sharethis Simple Share Buttons Adder 4.2
Sharethis Simple Share Buttons Adder 4.0
Sharethis Simple Share Buttons Adder 4.1
Sharethis Simple Share Buttons Adder 1.9
Sharethis Simple Share Buttons Adder 2.9
Sharethis Simple Share Buttons Adder 3.4
Sharethis Simple Share Buttons Adder 3.1
Sharethis Simple Share Buttons Adder 1.6
Sharethis Simple Share Buttons Adder 2.6
1 EDB exploit
NA
CVE-2014-4569
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the room_name parameter.
Videowhisper Videowhisper Live Streaming Integration 4.27.2
Videowhisper Videowhisper Live Streaming Integration 2.0
Videowhisper Videowhisper Live Streaming Integration 1.0.2
Videowhisper Videowhisper Live Streaming Integration 4.07
Videowhisper Videowhisper Live Streaming Integration 4.05
Videowhisper Videowhisper Live Streaming Integration 2.1
Videowhisper Videowhisper Live Streaming Integration 4.25
Videowhisper Videowhisper Live Streaming Integration 2.2
Videowhisper Videowhisper Live Streaming Integration
NA
CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin prior to 2.5.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Davistribe Google Doc Embedder
Davistribe Google Doc Embedder 2.0
Davistribe Google Doc Embedder 2.1
Davistribe Google Doc Embedder 2.2
Davistribe Google Doc Embedder 2.2.1
Davistribe Google Doc Embedder 2.2.2
Davistribe Google Doc Embedder 2.2.3
Davistribe Google Doc Embedder 2.3
Davistribe Google Doc Embedder 2.4
Davistribe Google Doc Embedder 2.4.1
Davistribe Google Doc Embedder 2.4.2
Davistribe Google Doc Embedder 2.4.3
Davistribe Google Doc Embedder 2.4.4
Davistribe Google Doc Embedder 2.4.5
Davistribe Google Doc Embedder 2.4.6
Davistribe Google Doc Embedder 2.5
Davistribe Google Doc Embedder 2.5.1
Davistribe Google Doc Embedder 2.5.2
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »