Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-2537
The WooCommerce PDF Invoices & Packing Slips WordPress plugin prior to 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
Wpovernight Woocommerce Pdf Invoices\\& Packing Slips
4.3
CVSSv3
CVE-2022-3151
The WP Custom Cursors WordPress plugin prior to 3.0.1 does not have CSRF check in place when deleting cursors, which could allow malicious users to made a logged in admin delete arbitrary cursors via a CSRF attack.
Wp Custom Cursors Project Wp Custom Cursors
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 3.0.0
Sunnythemes Spiffy Calendar 2.1.3
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 1.1.2
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 3.0.3
Sunnythemes Spiffy Calendar 2.1.0
Sunnythemes Spiffy Calendar 2.0.1
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 2.0.0
Sunnythemes Spiffy Calendar 1.0.3
Sunnythemes Spiffy Calendar 1.0.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.0.1
4.8
CVSSv3
CVE-2022-3135
The SEO Smart Links WordPress plugin up to and including 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exampl...
Seo Smart Links Project Seo Smart Links
5.4
CVSSv3
CVE-2023-0169
The Zoho Forms WordPress plugin prior to 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
Zohocorp Zoho Forms
6.1
CVSSv3
CVE-2022-3149
The WP Custom Cursors WordPress plugin prior to 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow malicious users to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping ...
Wp Custom Cursors Project Wp Custom Cursors
8.8
CVSSv3
CVE-2023-0088
The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion among other things. This makes it pos...
Swifty Page Manager Project Swifty Page Manager
4.8
CVSSv3
CVE-2023-0087
The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spm_plugin_options_page_tree_max_width’ parameter in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possi...
Swifty Page Manager Project Swifty Page Manager
NA
CVE-2014-7228
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 up to and including 2.5.25, 3.x up to and including 3.2.5, and 3.3.0 up to and including 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 up to and including 4.0.2; Backup Professional for WordPress 1.0.b1 up to and includ...
Joomla Joomla\\! 2.5.4
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.13
Joomla Joomla\\! 2.5.18
Joomla Joomla\\! 2.5.21
Joomla Joomla\\! 3.0.2
Joomla Joomla\\! 3.0.4
Joomla Joomla\\! 3.1.6
Joomla Joomla\\! 3.2.1
Joomla Joomla\\! 3.3.0
Joomla Joomla\\! 3.3.2
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 2.5.6
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.8
Joomla Joomla\\! 2.5.9
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 2.5.24
Joomla Joomla\\! 2.5.25
Joomla Joomla\\! 3.0.0
Joomla Joomla\\! 3.2.2
Joomla Joomla\\! 3.2.3
1 EDB exploit
8.8
CVSSv3
CVE-2023-3343
The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions a...
Wpeverest User Registration
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »