Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-5974
The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
Wpb Show Core Project Wpb Show Core
9.8
CVSSv3
CVE-2023-4922
The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to a local file inclusion via the `path` parameter.
Wpb Show Core Project Wpb Show Core
9.8
CVSSv3
CVE-2023-5604
The Asgaros Forum WordPress plugin prior to 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execut...
Asgaros Asgaros Forum
9.8
CVSSv3
CVE-2023-2449
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The func...
Userproplugin Userpro
9.8
CVSSv3
CVE-2023-5815
The News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and incl...
Infornweb News \\& Blog Designer Pack
1 Github repository
9.8
CVSSv3
CVE-2023-5822
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauth...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
9.8
CVSSv3
CVE-2023-5640
The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability.
Dguzun Article Analytics
9.8
CVSSv3
CVE-2023-5652
The WP Hotel Booking WordPress plugin prior to 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections
Thimpress Wp Hotel Booking
9.8
CVSSv3
CVE-2023-5340
The Five Star Restaurant Menu and Food Ordering WordPress plugin prior to 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.
Fivestarplugins Five Star Restaurant Menu
9.8
CVSSv3
CVE-2023-4214
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.
Apppresser Apppresser
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »