Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.3 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2015-9406
Directory traversal vulnerability in the mTheme-Unus theme prior to 2.3 for WordPress allows an malicious user to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
Mtheme-unus Project Mtheme-unus
8.8
CVSSv3
CVE-2021-24755
The myCred WordPress plugin prior to 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Mycred Mycred
NA
CVE-2014-4518
Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the width parameter.
D-coda Contactme
4.3
CVSSv3
CVE-2023-4297
The Mmm Simple File List WordPress plugin up to and including 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.
Mediamanifesto Mmm Simple File List
9.8
CVSSv3
CVE-2020-36718
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated malicious users to inject a PHP Objec...
Ninjateam Gpdr Ccpa Compliance Support
4.8
CVSSv3
CVE-2021-24592
The Sitewide Notice WP WordPress plugin prior to 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Yoohooplugins Sitewide Notice
NA
CVE-2015-5482
Directory traversal vulnerability in the GD bbPress Attachments plugin prior to 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
Dev4press Gd Bbpress Attachments
6.1
CVSSv3
CVE-2022-3415
The Chat Bubble WordPress plugin prior to 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated malicious users to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message
Bluecoral Chat Bubble
6.1
CVSSv3
CVE-2015-9505
The Easy Digital Downloads (EDD) core component 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7 for WordPress has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
NA
CVE-2015-5481
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin prior to 2.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
Dev4press Gd Bbpress Attachments
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »