Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.10 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-0236
The Tutor LMS WordPress plugin prior to 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Themeum Tutor Lms
4.8
CVSSv3
CVE-2022-2563
The Tutor LMS WordPress plugin prior to 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Themeum Tutor Lms
6.1
CVSSv3
CVE-2021-38341
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows malicious users to inject arbitrary web scripts, in versio...
Dreamfoxmedia Woocommerce Payment Gateway Per Category
NA
CVE-2014-4521
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin prior to 2.1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the action parameter.
Diversesolutions Dsidxpress Idx Plugin 2.0.16
Diversesolutions Dsidxpress Idx Plugin 2.0.0
Diversesolutions Dsidxpress Idx Plugin 2.0.1
Diversesolutions Dsidxpress Idx Plugin 2.0.18
Diversesolutions Dsidxpress Idx Plugin 2.0.37
Diversesolutions Dsidxpress Idx Plugin 2.0.32
Diversesolutions Dsidxpress Idx Plugin 2.0.7
Diversesolutions Dsidxpress Idx Plugin 2.0.19
Diversesolutions Dsidxpress Idx Plugin 2.0.4
Diversesolutions Dsidxpress Idx Plugin 2.0.5
Diversesolutions Dsidxpress Idx Plugin 2.0.34
Diversesolutions Dsidxpress Idx Plugin 2.0.11
Diversesolutions Dsidxpress Idx Plugin 2.0.22
Diversesolutions Dsidxpress Idx Plugin 2.0.30
Diversesolutions Dsidxpress Idx Plugin 2.0.17
Diversesolutions Dsidxpress Idx Plugin 2.0.12
Diversesolutions Dsidxpress Idx Plugin 2.0.31
Diversesolutions Dsidxpress Idx Plugin
Diversesolutions Dsidxpress Idx Plugin 2.0.6
Diversesolutions Dsidxpress Idx Plugin 2.0.10
Diversesolutions Dsidxpress Idx Plugin 2.0.14
Diversesolutions Dsidxpress Idx Plugin 2.0.9
8.8
CVSSv3
CVE-2021-4330
The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. T...
Envato Template Kit - Import
Envato Envato Elements
6.1
CVSSv3
CVE-2013-10026
A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The a...
Webfwd Mail Subscribe List
8.8
CVSSv3
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 2.0.1
Wpeasycart Wp Easycart 1.2.16
Wpeasycart Wp Easycart 1.2.15
Wpeasycart Wp Easycart 1.2.14
Wpeasycart Wp Easycart 1.2.13
Wpeasycart Wp Easycart 1.2.12
Wpeasycart Wp Easycart 1.2.11
Wpeasycart Wp Easycart 1.2.10
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 1.2.5
Wpeasycart Wp Easycart 1.2.4
Wpeasycart Wp Easycart 1.2.3
Wpeasycart Wp Easycart 1.2.2
Wpeasycart Wp Easycart 1.2.1
Wpeasycart Wp Easycart 1.2.0
Wpeasycart Wp Easycart 1.1.36
Wpeasycart Wp Easycart 1.1.35
Wpeasycart Wp Easycart 1.1.34
Wpeasycart Wp Easycart 1.1.33
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8