Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chloe chamberland vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-0993
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versio...
Siteground Siteground Security
8.8
CVSSv3
CVE-2022-2431
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon downl...
Wpdownloadmanager Wordpress Download Manager
5.4
CVSSv3
CVE-2022-0750
The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows a...
Thriveweb Photoswipe Masonry Gallery
9.8
CVSSv3
CVE-2022-0992
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA f...
Siteground Security Optimizer
8.8
CVSSv3
CVE-2023-1874
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions...
Wpdataaccess Wp Data Access
6.1
CVSSv3
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated malicious users to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php ...
Codemiq Wordpress Email Template Designer
NA
CVE-2022-3180
WordPress WPGateway plugin versions 3.5 and below suffer from an unauthenticated privilege escalation vulnerability.
8.8
CVSSv3
CVE-2023-3636
The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions ...
Wedevs Wp Project Manager
10
CVSSv3
CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 up to and including 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Gvectors Wpdiscuz
7 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started