wordpress wordpress 2.1.1 vulnerabilities and exploits
NA
CVE-2023-1804
The Product Catalog Feed by PixelYourSite WordPress plugin prior to 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
Pixelyoursite Product Catalog Feed
NA
CVE-2023-1805
The Product Catalog Feed by PixelYourSite WordPress plugin prior to 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Pixelyoursite Product Catalog Feed
NA
CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated malicious user to change (or delete) the ...
Kaliforms Kali Forms
4.3
CVSSv2
CVE-2017-14622
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin prior to 2.1.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin....
2kblater 2kb Amazon Affiliates Store
6.8
CVSSv2
CVE-2021-39353
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for malicious users to inject arbitrary web scripts in versio...
Easyregistrationforms Easy Registration Forms
NA
CVE-2023-4783
The Magee Shortcodes WordPress plugin up to and including 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cro...
Hoosoft Magee Shortcodes
3.5
CVSSv2
CVE-2021-24416
The StreamCast – Radio Player for WordPress plugin prior to 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the emb...
Bplugins Streamcast Radio Player
NA
CVE-2020-36712
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthentica...
Kaliforms Kali Forms
6.5
CVSSv2
CVE-2022-0440
The Catch Themes Demo Import WordPress plugin prior to 2.1.1 does not validate one of the files to be imported, which could allow a high privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_ED...
Catchplugins Catch Themes Demo Import
NA
CVE-2023-5134
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for auth...
Easyregistrationforms Easy Registration Forms