Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.3.2 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-9420
The soundcloud-is-gold plugin prior to 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.
Mightymess Soundcloud Is Gold
312
VMScore
CVE-2022-29420
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters.
Edmonsoft Countdown Builder
1 Github repository
383
VMScore
CVE-2021-24832
The WP SEO Redirect 301 WordPress plugin prior to 2.3.2 does not have CSRF in place when deleting redirects, which could allow malicious users to make a logged in admin delete them via a CSRF attack
Wp Seo Redirect 301 Project Wp Seo Redirect 301
383
VMScore
CVE-2021-25077
The Store Toolkit for WooCommerce WordPress plugin prior to 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting
Visser Store Toolkit For Woocommerce
NA
CVE-2023-4887
The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
Themeisle Google Maps Plugin By Intergeo
312
VMScore
CVE-2022-1208
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding ...
Ultimatemember Ultimate Member
890
VMScore
CVE-2012-4033
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin prior to 2.4.0 for WordPress have unknown impact and attack vectors.
Zingiri Zingiri Web Shop 2.3.4
Zingiri Zingiri Web Shop 2.3.3
Zingiri Zingiri Web Shop 2.2.1
Zingiri Zingiri Web Shop 2.2.0
Zingiri Zingiri Web Shop 2.0.2
Zingiri Zingiri Web Shop 2.0.1
Zingiri Zingiri Web Shop 1.6.1
Zingiri Zingiri Web Shop 1.6.0
Zingiri Zingiri Web Shop 1.5.3
Zingiri Zingiri Web Shop 1.5.2
Zingiri Zingiri Web Shop 1.4.3
Zingiri Zingiri Web Shop 1.4.2
Zingiri Zingiri Web Shop 1.3.3
Zingiri Zingiri Web Shop 1.3.2
Zingiri Zingiri Web Shop 1.2.6
Zingiri Zingiri Web Shop 1.2.5
Zingiri Zingiri Web Shop 1.0.4
Zingiri Zingiri Web Shop 1.0.3
Zingiri Zingiri Web Shop 2.3.2
Zingiri Zingiri Web Shop 2.3.1
Zingiri Zingiri Web Shop 2.1.3
Zingiri Zingiri Web Shop 2.1.2
NA
CVE-2024-0825
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. ...
NA
CVE-2024-3206
The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all versions up to, and including, 2.3.2. This makes it possible for authentica...
312
VMScore
CVE-2022-29422
Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-b...
Edmonsoft Countdown Builder
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »