Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog project vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-35213
Ecommerce-CodeIgniter-Bootstrap before commit 56465f exists to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php.
Ecommerce-codeigniter-bootstrap Project Ecommerce-codeigniter-bootstrap
2 Github repositories
NA
CVE-2023-2101
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. Th...
Mogublog Project Mogublog
383
VMScore
CVE-2022-1793
The Private Files WordPress plugin up to and including 0.40 is missing CSRF check when disabling the protection, which could allow malicious users to make a logged in admin perform such action via a CSRF attack and make the blog public
Private Files Project Private Files 0.40
NA
CVE-2022-2276
The WP Edit Menu WordPress plugin prior to 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated malicious users to delete arbitrary posts/pages from the blog
Wp Edit Menu Project Wp Edit Menu
356
VMScore
CVE-2022-1203
The Content Mask WordPress plugin prior to 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify a...
Content Mask Project Content Mask
1 Github repository
383
VMScore
CVE-2020-36504
The WP-Pro-Quiz WordPress plugin up to and including 0.37 does not have CSRF check in place when deleting a quiz, which could allow an malicious user to make a logged in admin delete arbitrary quiz on the blog
Wp-pro-quiz Project Wp-pro-quiz
NA
CVE-2022-2275
The WP Edit Menu WordPress plugin prior to 1.5.0 does not have CSRF in an AJAX action, which could allow malicious users to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack
Wp Edit Menu Project Wp Edit Menu
445
VMScore
CVE-2022-0214
The Custom Popup Builder WordPress plugin prior to 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog
Custom Popup Builder Project Custom Popup Builder
383
VMScore
CVE-2020-36505
The Delete All Comments Easily WordPress plugin up to and including 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.
Delete All Comments Easily Project Delete All Comments Easily
NA
CVE-2022-4354
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. T...
Pb-cms Project Pb-cms 2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »