Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.1 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-6624
Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php.
Mightymess Soundcloud Is Gold 2.1
1 EDB exploit
6.8
CVSSv2
CVE-2014-2340
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin prior to 3.1.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
Xcloner Xcloner
Xcloner Xcloner 2.1.2
Xcloner Xcloner 3.0
Xcloner Xcloner 3.0.3
Xcloner Xcloner 3.0.1
Xcloner Xcloner 3.0.6
Xcloner Xcloner 3.0.8
Xcloner Xcloner 3.0.7
Xcloner Xcloner 3.0.5
Xcloner Xcloner 3.0.2
Xcloner Xcloner 3.0.4
Xcloner Xcloner 2.2.1
Xcloner Xcloner 2.1
1 EDB exploit
6.8
CVSSv2
CVE-2014-9368
Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash...
Twitterdash Project Twitterdash
NA
CVE-2023-1893
The Login Configurator WordPress plugin up to and including 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
Login Configurator Project Login Configurator
4.3
CVSSv2
CVE-2020-15537
An issue exists in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
Vanguard Project Vanguard 2.1
6.4
CVSSv2
CVE-2014-1907
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin prior to 4.29.5 for WordPress allow remote malicious users to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a...
Videowhisper Live Streaming Integration Plugin 4.27
Videowhisper Live Streaming Integration Plugin 4.27.3
Videowhisper Live Streaming Integration Plugin 2.1
Videowhisper Live Streaming Integration Plugin 2.0
Videowhisper Live Streaming Integration Plugin
Videowhisper Live Streaming Integration Plugin 4.25.3
Videowhisper Live Streaming Integration Plugin 1.0.2
Videowhisper Live Streaming Integration Plugin 4.05
Videowhisper Live Streaming Integration Plugin 2.2
Videowhisper Live Streaming Integration Plugin 4.25
Videowhisper Live Streaming Integration Plugin 4.07
1 EDB exploit
5
CVSSv2
CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin prior to 2.5.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Davistribe Google Doc Embedder 2.5.2
Davistribe Google Doc Embedder 2.5.1
Davistribe Google Doc Embedder 2.4.1
Davistribe Google Doc Embedder 2.4
Davistribe Google Doc Embedder 2.5
Davistribe Google Doc Embedder 2.4.6
Davistribe Google Doc Embedder 2.3
Davistribe Google Doc Embedder 2.2.3
Davistribe Google Doc Embedder 2.4.5
Davistribe Google Doc Embedder 2.4.4
Davistribe Google Doc Embedder 2.2.2
Davistribe Google Doc Embedder 2.2.1
Davistribe Google Doc Embedder 2.2
Davistribe Google Doc Embedder
Davistribe Google Doc Embedder 2.4.3
Davistribe Google Doc Embedder 2.4.2
Davistribe Google Doc Embedder 2.1
Davistribe Google Doc Embedder 2.0
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2018-5669
An issue exists in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.
Read And Understood Project Read And Understood 2.1
6.5
CVSSv2
CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) prior to 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote malicious users to conduct PHP Object Injection attacks via crafted serialized data in the &...
Splashing Images Project Splashing Images
3.5
CVSSv2
CVE-2018-6194
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) prior to 2.1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the search parameter to wp-admin/...
Splashing Images Project Splashing Images
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »