Vulmon
call to action vulnerabilities and exploits
3.5
CVSSv2
CVE-2021-25075
The Duplicate Page or Post WordPress plugin prior to 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's set...
Wpdevart Duplicate Page Or Post
1 Github repository
8.5
CVSSv2
CVE-2007-5453
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php,...
Php-stats Php-stats 0.1.9.2
1 EDB exploit
NA
CVE-2024-1414
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...
6.5
CVSSv2
CVE-2021-43176
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the us...
Goautodial Goautodial 4
Goautodial Goautodial Api 2
7.5
CVSSv2
CVE-2019-6703
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin up to and including 2.0.5 for WordPress allows unauthenticated malicious users to update arbitrary WordPress option values, leading to site takeover. These attackers can send reques...
Calmar-webmedia Total Donations
NA
CVE-2024-3054
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient ...
NA
CVE-2024-3985
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. T...
6.8
CVSSv2
CVE-2009-4898
Cross-site request forgery (CSRF) vulnerability in TWiki prior to 4.3.2 allows remote malicious users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjuncti...
Twiki Twiki 4.0.5
Twiki Twiki 4.0.4
Twiki Twiki 4.0.3
Twiki Twiki 4.0.2
Twiki Twiki 4.2.4
Twiki Twiki 4.1.2
Twiki Twiki
Twiki Twiki 4.1.0
Twiki Twiki 4.0.1
Twiki Twiki 4.2.3
Twiki Twiki 4.2.2
Twiki Twiki 4.2.1
Twiki Twiki 4.2.0
Twiki Twiki 4.3.0
Twiki Twiki 4.1.1
Twiki Twiki 4.0.0
6.8
CVSSv2
CVE-2022-0679
The Narnoo Distributor WordPress plugin up to and including 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) whic...
Narnoo Distributor Project Narnoo Distributor
3.5
CVSSv2
CVE-2021-25042
The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address...
Plugins-market Wp Visitor Statistics (real Time Traffic)