Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.1.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4649
The WP Extended Search WordPress plugin prior to 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Wp Extended Search Project Wp Extended Search
NA
CVE-2022-2389
The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin prior to 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to ...
Funnelkit Funnelkit Automations
445
VMScore
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin up to and including 2.1.2 for WordPress allow remote malicious users to change other users' profiles and cover photos via a modified user_id parameter. Th...
Ultimatemember Ultimate Member
312
VMScore
CVE-2021-24968
The Ultimate FAQ WordPress plugin prior to 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FA...
Etoilewebdesign Ultimate Faq
NA
CVE-2023-3219
The EventON WordPress plugin prior to 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functiona...
Myeventon Eventon
NA
CVE-2023-3248
The All-in-one Floating Contact Form WordPress plugin prior to 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...
Premio My Sticky Elements
312
VMScore
CVE-2021-24569
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin prior to 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the un...
Hu-manity Cookie Notice \\& Compliance For Gdpr \\/ Ccpa
890
VMScore
CVE-2012-4033
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin prior to 2.4.0 for WordPress have unknown impact and attack vectors.
Zingiri Zingiri Web Shop 2.3.4
Zingiri Zingiri Web Shop 2.3.3
Zingiri Zingiri Web Shop 2.2.1
Zingiri Zingiri Web Shop 2.2.0
Zingiri Zingiri Web Shop 2.0.2
Zingiri Zingiri Web Shop 2.0.1
Zingiri Zingiri Web Shop 1.6.1
Zingiri Zingiri Web Shop 1.6.0
Zingiri Zingiri Web Shop 1.5.3
Zingiri Zingiri Web Shop 1.5.2
Zingiri Zingiri Web Shop 1.4.3
Zingiri Zingiri Web Shop 1.4.2
Zingiri Zingiri Web Shop 1.3.3
Zingiri Zingiri Web Shop 1.3.2
Zingiri Zingiri Web Shop 1.2.6
Zingiri Zingiri Web Shop 1.2.5
Zingiri Zingiri Web Shop 1.0.4
Zingiri Zingiri Web Shop 1.0.3
Zingiri Zingiri Web Shop 2.3.2
Zingiri Zingiri Web Shop 2.3.1
Zingiri Zingiri Web Shop 2.1.3
Zingiri Zingiri Web Shop 2.1.2
NA
CVE-2023-3080
The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inject arbi...
Jamesward Wp Mail Catcher
NA
CVE-2024-0900
The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() fun...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »