Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0.4 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2022-2629
The Top Bar WordPress plugin prior to 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ...
Wpdarko Top Bar
8.8
CVSSv3
CVE-2021-4382
The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated malicious users to upload arbitrary files on the ...
Recently Project Recently
7.5
CVSSv3
CVE-2022-3119
The OAuth client Single Sign On WordPress plugin prior to 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated malicious users to update them and change the OAuth endpoints to ones they controls, allowing them to then be authent...
Oauth Client Single Sign On Project Oauth Client Single Sign On
NA
CVE-2024-1352
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up t...
NA
CVE-2024-1239
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...
5.4
CVSSv3
CVE-2023-5470
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic...
Etsy Shop Project Etsy Shop
4.8
CVSSv3
CVE-2021-41836
The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web...
Conva Fathom Analytics
NA
CVE-2014-7228
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 up to and including 2.5.25, 3.x up to and including 3.2.5, and 3.3.0 up to and including 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 up to and including 4.0.2; Backup Professional for WordPress 1.0.b1 up to and includ...
Joomla Joomla\\! 2.5.4
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.13
Joomla Joomla\\! 2.5.18
Joomla Joomla\\! 2.5.21
Joomla Joomla\\! 3.0.2
Joomla Joomla\\! 3.0.4
Joomla Joomla\\! 3.1.6
Joomla Joomla\\! 3.2.1
Joomla Joomla\\! 3.3.0
Joomla Joomla\\! 3.3.2
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 2.5.6
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.8
Joomla Joomla\\! 2.5.9
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 2.5.24
Joomla Joomla\\! 2.5.25
Joomla Joomla\\! 3.0.0
Joomla Joomla\\! 3.2.2
Joomla Joomla\\! 3.2.3
1 EDB exploit
NA
CVE-2012-4263
Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin prior to 3.2.5 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.
Bit51 Better-wp-security 3.2.1
Bit51 Better-wp-security 3.2
Bit51 Better-wp-security 3.0.7
Bit51 Better-wp-security 3.0.6
Bit51 Better-wp-security 2.18
Bit51 Better-wp-security 2.17
Bit51 Better-wp-security 2.9
Bit51 Better-wp-security 2.8
Bit51 Better-wp-security 2.1
Bit51 Better-wp-security 2.0
Bit51 Better-wp-security 1.4
Bit51 Better-wp-security 1.3
Bit51 Better-wp-security 0.11
Bit51 Better-wp-security 0.10
Bit51 Better-wp-security 0.3
Bit51 Better-wp-security 0.2
Bit51 Better-wp-security -
Bit51 Better-wp-security
Bit51 Better-wp-security 3.2.3
Bit51 Better-wp-security 3.2.2
Bit51 Better-wp-security 3.0.9
Bit51 Better-wp-security 3.0.8
NA
CVE-2024-1315
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »