Vulmon
wordpress wordpress vulnerabilities and exploits
7.5
CVSSv2
CVE-2022-29411
SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows malicious users to execute SQLi attack via (&id).
Hermit Project Hermit
7.5
CVSSv2
CVE-2022-0782
The Donations WordPress plugin up to and including 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an...
Donations Project Donations
7.5
CVSSv2
CVE-2022-0541
The flo-launch WordPress plugin prior to 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any malicious user to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
Flothemes Flo-launch
7.5
CVSSv2
CVE-2022-0693
The Master Elements WordPress plugin up to and including 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthentic...
Devbunch Master Elements
7.5
CVSSv2
CVE-2022-1390
The Admin Word Count Column WordPress plugin up to and including 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated malicious users to read arbitrary files on server running old version of PHP susceptible to the null byte technique. Th...
Admin Word Count Column Project Admin Word Count Column
7.5
CVSSv2
CVE-2022-0657
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin prior to 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthen...
5 Stars Rating Funnel Project 5 Stars Rating Funnel
7.5
CVSSv2
CVE-2022-1391
The Cab fare calculator WordPress plugin prior to 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
Kanev Cab Fare Calculator
7.5
CVSSv2
CVE-2022-0769
The Users Ultra WordPress plugin up to and including 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated us...
Usersultra Users Ultra
7.5
CVSSv2
CVE-2022-0992
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA f...
Siteground Security Optimizer
7.5
CVSSv2
CVE-2022-0993
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versio...
Siteground Siteground Security