wordpress wordpress 3.0 vulnerabilities and exploits
NA
CVE-2022-2261
The WPIDE WordPress plugin prior to 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.
Xplodedthemes Wpide
NA
CVE-2023-5210
The AMP+ Plus WordPress plugin up to and including 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Amp-cloud Amp Plus
NA
CVE-2023-5458
The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin prior to 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Ashik Cits Support Svg, Webp Media And Ttf,otf File Upload
NA
CVE-2023-1274
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin prior to 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI a...
Pricing Tables For Wpbakery Page Builder Project Pricing Tables For Wpbakery Page Builder
4.3
CVSSv2
CVE-2022-0321
The WP Voting Contest WordPress plugin prior to 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-S...
Ohiowebtech Wp Voting Contest
NA
CVE-2021-24890
The Scripts Organizer WordPress plugin prior to 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbit...
Dplugins Scripts Organizer
NA
CVE-2022-2387
The Easy Digital Downloads WordPress plugin prior to 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a...
Sandhillsdev Easy Digital Downloads
NA
CVE-2023-0399
The Image Over Image For WPBakery Page Builder WordPress plugin prior to 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perfo...
Image Over Image For Wpbakery Page Builder Project Image Over Image For Wpbakery Page Builder
NA
CVE-2023-0367
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin prior to 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributo...
Pricing Tables For Wpbakery Page Builder Project Pricing Tables For Wpbakery Page Builder
3.5
CVSSv2
CVE-2021-24611
The Keyword Meta WordPress plugin up to and including 3.0 does not sanitise or escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing malicious user to ma...
Keyword Meta Project Keyword Meta