Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.7 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0328
The WPCode WordPress plugin prior to 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such ...
Wpcode Wpcode
NA
CVE-2024-1812
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated malicious users to make web requests to arbitrary locations originati...
4.3
CVSSv2
CVE-2014-4521
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin prior to 2.1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the action parameter.
Diversesolutions Dsidxpress Idx Plugin 2.0.30
Diversesolutions Dsidxpress Idx Plugin 2.0.29
Diversesolutions Dsidxpress Idx Plugin 2.0.28
Diversesolutions Dsidxpress Idx Plugin 2.0.27
Diversesolutions Dsidxpress Idx Plugin 2.0.26
Diversesolutions Dsidxpress Idx Plugin 2.0.13
Diversesolutions Dsidxpress Idx Plugin 2.0.12
Diversesolutions Dsidxpress Idx Plugin 2.0.11
Diversesolutions Dsidxpress Idx Plugin 2.0.10
Diversesolutions Dsidxpress Idx Plugin 2.0.38
Diversesolutions Dsidxpress Idx Plugin 2.0.37
Diversesolutions Dsidxpress Idx Plugin 2.0.36
Diversesolutions Dsidxpress Idx Plugin 2.0.35
Diversesolutions Dsidxpress Idx Plugin 2.0.21
Diversesolutions Dsidxpress Idx Plugin 2.0.20
Diversesolutions Dsidxpress Idx Plugin 2.0.19
Diversesolutions Dsidxpress Idx Plugin 2.0.18
Diversesolutions Dsidxpress Idx Plugin 2.0.5
Diversesolutions Dsidxpress Idx Plugin 2.0.4
Diversesolutions Dsidxpress Idx Plugin 2.0.3
Diversesolutions Dsidxpress Idx Plugin 2.0.2
Diversesolutions Dsidxpress Idx Plugin 2.0.1
NA
CVE-2021-4418
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated malicious users to save c...
Wpfactory Custom Css\\, Js \\& Php
7.5
CVSSv2
CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.8 for WordPress has unspecified impact and attack vectors.
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.5.9.1
Mailpoet Mailpoet Newsletters 2.5.8
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.3.4
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters 2.0.2
Mailpoet Mailpoet Newsletters 1.1.1
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.6.5
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.5
Mailpoet Mailpoet Newsletters 2.5.4
NA
CVE-2024-3588
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
NA
CVE-2006-10001
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remo...
Pluginmirror Subscribe To Comments
6.8
CVSSv2
CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.11 for WordPress allows remote malicious users to hijack the authentication of arbitrary users.
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 2.5.2
Mailpoet Mailpoet Newsletters 2.4
Mailpoet Mailpoet Newsletters 2.3.4
Mailpoet Mailpoet Newsletters 2.2.3
Mailpoet Mailpoet Newsletters 2.2.1
Mailpoet Mailpoet Newsletters 2.1.4
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.6.1
Mailpoet Mailpoet Newsletters 2.5.1
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.4.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.8
Mailpoet Mailpoet Newsletters 2.1.7
9
CVSSv2
CVE-2015-9228
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
Imagely Nextgen Gallery 2.1.10
Imagely Nextgen Gallery 2.0.66.29
Imagely Nextgen Gallery 2.0.66.27
Imagely Nextgen Gallery 2.0.66.26
Imagely Nextgen Gallery 2.0.66.17
Imagely Nextgen Gallery 2.0.25
Imagely Nextgen Gallery 2.0.23
Imagely Nextgen Gallery 2.0.21
Imagely Nextgen Gallery 2.0.17
Imagely Nextgen Gallery 1.9.3
Imagely Nextgen Gallery 1.9.2
Imagely Nextgen Gallery 1.9.1
Imagely Nextgen Gallery 1.9.0
Imagely Nextgen Gallery 1.8.4
Imagely Nextgen Gallery 1.5.5
Imagely Nextgen Gallery 1.5.4
Imagely Nextgen Gallery 1.5.3
Imagely Nextgen Gallery 1.5.2
Imagely Nextgen Gallery 2.1.9
Imagely Nextgen Gallery 2.1.2
Imagely Nextgen Gallery 2.0.79
Imagely Nextgen Gallery 2.0.74
NA
CVE-2024-3812
The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »