Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.4 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-0590
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated malicious users to bypass access restriction to modify the other users profiles via unspecified vectors.
Ultimatemember User Profile \\& Membership
3.5
CVSSv2
CVE-2018-0585
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ultimatemember Ultimate Member
6.4
CVSSv2
CVE-2018-0588
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote malicious users to read arbitrary files via unspecified vectors.
Ultimatemember User Profile \\& Membership
4
CVSSv2
CVE-2018-0586
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated malicious users to read arbitrary files via unspecified vectors.
Ultimatemember User Profile \\& Membership
4
CVSSv2
CVE-2018-0589
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated malicious users to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.
Ultimatemember User Profile \\& Membership
6.8
CVSSv2
CVE-2021-24352
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin prior to 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.
Wpdeveloper Simple 301 Redirects
3.5
CVSSv2
CVE-2021-24478
The Bookshelf WordPress plugin up to and including 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
Bookshelf Project Bookshelf
3.5
CVSSv2
CVE-2022-0148
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin prior to 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
Premio Mystickyelements
NA
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin up to and including 2.0.4 lacks nonce check when updating its settings, which could allow malicious user to make a logged in admin change them via a CSRF attack.
Yotpo Reviews For Woocommerce Project Yotpo Reviews For Woocommerce
6.8
CVSSv2
CVE-2021-24353
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin prior to 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects.
Wpdeveloper Simple 301 Redirects
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »