Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.8 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-10981
The kento-post-view-counter plugin up to and including 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.
Kentothemes Kento-post-view-counter
4.3
CVSSv2
CVE-2012-4263
Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin prior to 3.2.5 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.
Bit51 Better-wp-security
Bit51 Better-wp-security -
Bit51 Better-wp-security 0.1
Bit51 Better-wp-security 0.2
Bit51 Better-wp-security 0.3
Bit51 Better-wp-security 0.4
Bit51 Better-wp-security 0.5
Bit51 Better-wp-security 0.6
Bit51 Better-wp-security 0.7
Bit51 Better-wp-security 0.8
Bit51 Better-wp-security 0.9
Bit51 Better-wp-security 0.10
4.8
CVSSv3
CVE-2024-7891
The Floating Contact Button WordPress plugin prior to 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
4.8
CVSSv3
CVE-2022-2152
The Duplicate Page and Post WordPress plugin prior to 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Duplicate Page And Post Project Duplicate Page And Post
4.3
CVSSv2
CVE-2012-4264
Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin prior to 3.2.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different ...
Bit51 Better-wp-security
Bit51 Better-wp-security -
Bit51 Better-wp-security 0.1
Bit51 Better-wp-security 0.2
Bit51 Better-wp-security 0.3
Bit51 Better-wp-security 0.4
Bit51 Better-wp-security 0.5
Bit51 Better-wp-security 0.6
Bit51 Better-wp-security 0.7
Bit51 Better-wp-security 0.8
Bit51 Better-wp-security 0.9
Bit51 Better-wp-security 0.10
4.3
CVSSv2
CVE-2021-24409
The Prismatic WordPress plugin prior to 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
Plugin-planet Prismatic
5.4
CVSSv3
CVE-2022-4791
The Product Slider and Carousel with Category for WooCommerce WordPress plugin prior to 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Essentialplugin Product Slider And Carousel With Category With Woocommerce
6.4
CVSSv3
CVE-2024-10112
The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi...
5.4
CVSSv3
CVE-2024-9696
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This ma...
Rescuethemes Rescue Shortcodes
9.8
CVSSv3
CVE-2016-15040
The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL que...
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
apache atlas
wp html page sitemap
inject
everest forms
CVE-2025-25356
CVE-2024-47264
cross-site scripting
CVE-2025-0837
CVE-2025-25286
*
CVE-2024-12754
arbitrary code
CVE-2025-24472
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »