Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4271
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin prior to 2.0.47 and 2.2.x prior to 2.2.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3)...
Mark Jaquith Bad Behavior
Mark Jaquith Bad Behavior 2.2.0
Mark Jaquith Bad Behavior 2.2.1
Mark Jaquith Bad Behavior 2.2.2
Mark Jaquith Bad Behavior 2.2.3
Mark Jaquith Bad Behavior 2.2.4
Wordpress Wordpress -
9.8
CVSSv3
CVE-2021-24499
The Workreap WordPress theme prior to 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the ...
Amentotech Workreap
3 Github repositories
7.5
CVSSv3
CVE-2018-10363
An issue exists in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote malicious users to manipulate the values to change data such as prices.
Wpdevart Booking Calendar 2.2.2
NA
CVE-2013-1407
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin prior to 5.3.5 and Events Manager Pro plugin prior to 2.2.9 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, ...
Netweblogic Events Manager
Netweblogic Events Manager 5.3.2.1
Netweblogic Events Manager 5.3.1
Netweblogic Events Manager 5.3.2
Netweblogic Events Manager 5.3.3
Netweblogic Events Manager 5.3
Netweblogic Events Manager Pro
Netweblogic Events Manager Pro 2.2.5
Netweblogic Events Manager Pro 2.2.3
Netweblogic Events Manager Pro 2.2.8
Netweblogic Events Manager Pro 2.2.2
Netweblogic Events Manager Pro 2.2.1
Netweblogic Events Manager Pro 2.2.6
Netweblogic Events Manager Pro 2.2.4
Netweblogic Events Manager Pro 2.2
NA
CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin prior to 2.5.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Davistribe Google Doc Embedder
Davistribe Google Doc Embedder 2.0
Davistribe Google Doc Embedder 2.1
Davistribe Google Doc Embedder 2.2
Davistribe Google Doc Embedder 2.2.1
Davistribe Google Doc Embedder 2.2.2
Davistribe Google Doc Embedder 2.2.3
Davistribe Google Doc Embedder 2.3
Davistribe Google Doc Embedder 2.4
Davistribe Google Doc Embedder 2.4.1
Davistribe Google Doc Embedder 2.4.2
Davistribe Google Doc Embedder 2.4.3
Davistribe Google Doc Embedder 2.4.4
Davistribe Google Doc Embedder 2.4.5
Davistribe Google Doc Embedder 2.4.6
Davistribe Google Doc Embedder 2.5
Davistribe Google Doc Embedder 2.5.1
Davistribe Google Doc Embedder 2.5.2
1 EDB exploit
1 Github repository
NA
CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon prior to 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 and other products, does not properly handle control charact...
Tinymce Spellchecker Php 2.0
Tinymce Spellchecker Php 2.0.1
Tinymce Spellchecker Php 2.0.2
Tinymce Spellchecker Php 2.0.3
Tinymce Spellchecker Php 2.0.6
Moodle Moodle 2.1.2
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
NA
CVE-2012-3576
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin prior to 2.5.30 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads...
Jquindlen Wpstorecart
Jquindlen Wpstorecart 0.62
Jquindlen Wpstorecart 1.0.0
Jquindlen Wpstorecart 2.0.0
Jquindlen Wpstorecart 2.0.1
Jquindlen Wpstorecart 2.0.2
Jquindlen Wpstorecart 2.0.3
Jquindlen Wpstorecart 2.0.4
Jquindlen Wpstorecart 2.0.5
Jquindlen Wpstorecart 2.0.6
Jquindlen Wpstorecart 2.0.7
Jquindlen Wpstorecart 2.0.8
Jquindlen Wpstorecart 2.0.9
Jquindlen Wpstorecart 2.0.10
Jquindlen Wpstorecart 2.0.11
Jquindlen Wpstorecart 2.0.12
Jquindlen Wpstorecart 2.0.13
Jquindlen Wpstorecart 2.1.0
Jquindlen Wpstorecart 2.1.1
Jquindlen Wpstorecart 2.1.2
Jquindlen Wpstorecart 2.1.3
Jquindlen Wpstorecart 2.1.4
1 EDB exploit
NA
CVE-2013-6342
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin prior to 4.0.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
Tweet-blender Tweet-blender 3.2.2
Tweet-blender Tweet-blender 2.0.1
Tweet-blender Tweet-blender 3.3.9
Tweet-blender Tweet-blender 3.3.6
Tweet-blender Tweet-blender 3.3.15
Tweet-blender Tweet-blender 3.1.5
Tweet-blender Tweet-blender 3.0.1
Tweet-blender Tweet-blender 3.3.7
Tweet-blender Tweet-blender 3.1.12
Tweet-blender Tweet-blender 3.3.4
Tweet-blender Tweet-blender 2.4.6
Tweet-blender Tweet-blender 3.3.5
Tweet-blender Tweet-blender 3.1.7
Tweet-blender Tweet-blender 2.0.5
Tweet-blender Tweet-blender 3.3.13
Tweet-blender Tweet-blender 2.4.5
Tweet-blender Tweet-blender 3.1.8
Tweet-blender Tweet-blender 3.0.4
Tweet-blender Tweet-blender 2.3.0
Tweet-blender Tweet-blender 3.3.8
Tweet-blender Tweet-blender 3.1.10
Tweet-blender Tweet-blender 3.1.11
NA
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
Mailpoet Mailpoet Newsletters 2.0.5
1 EDB exploit
4.3
CVSSv3
CVE-2022-45369
Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.
Richplugins Plugin For Google Reviews
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29824
CVE-2024-30095
CVE-2024-30104
client side
CVE-2024-5840
CVE-2024-34405
unprivileged
wireless
CVE-2024-4577
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »