Vulmon
wordpress wordpress 2.3 vulnerabilities and exploits
6.1
CVSSv3
CVE-2018-5292
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
Gd Rating System Project Gd Rating System 2.3
6.1
CVSSv3
CVE-2018-5293
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
Gd Rating System Project Gd Rating System 2.3
7.5
CVSSv3
CVE-2018-5287
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
Gd Rating System Project Gd Rating System 2.3
7.5
CVSSv3
CVE-2018-5291
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
Gd Rating System Project Gd Rating System 2.3
5.4
CVSSv3
CVE-2018-5214
The "Add Link to Facebook" plugin up to and including 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.
Add Link To Facebook Project Add Link To Facebook
9.8
CVSSv3
CVE-2014-8621
SQL injection vulnerability in the Store Locator plugin 2.3 up to and including 3.11 for WordPress allows remote malicious users to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.
Store Locator Project Store Locator 3.11
Store Locator Project Store Locator 2.3
9.8
CVSSv3
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
9 EDB exploits
121 Github repositories
NA
CVE-2015-5482
Directory traversal vulnerability in the GD bbPress Attachments plugin prior to 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
Dev4press Gd Bbpress Attachments
NA
CVE-2015-5481
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin prior to 2.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
Dev4press Gd Bbpress Attachments
NA
CVE-2015-1375
pixabay-images.php in the Pixabay Images plugin prior to 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote malicious users to write to arbitrary files.
Pixabay Images Project Pixabay Images
1 EDB exploit