Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.1.4 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-0887
The Easy Social Icons WordPress plugin prior to 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.
Cybernetikz Easy Social Icons
4.3
CVSSv3
CVE-2022-4386
The Intuitive Custom Post Order WordPress plugin prior to 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an malicious user to trick any user to change the menu order via a CSRF attack
Intuitive Custom Post Order Project Intuitive Custom Post Order
4.3
CVSSv3
CVE-2022-4385
The Intuitive Custom Post Order WordPress plugin prior to 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order
Intuitive Custom Post Order Project Intuitive Custom Post Order
4.8
CVSSv3
CVE-2023-6165
The Restrict Usernames Emails Characters WordPress plugin prior to 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Benaceur-php Restrict Usernames Emails Characters
6.8
CVSSv2
CVE-2021-25010
The Post Snippets WordPress plugin prior to 3.1.4 does not have CSRF check when importing files, allowing malicious user to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Script...
Postsnippets Post Snippets
5.3
CVSSv3
CVE-2024-1688
The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated malicious users to retrieve sales r...
4.8
CVSSv3
CVE-2024-0688
The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...
Pubsubhubbub Websub
4.7
CVSSv3
CVE-2024-1720
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input...
3.5
CVSSv2
CVE-2021-24202
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or a...
Elementor Website Builder
3.5
CVSSv2
CVE-2021-24203
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or abo...
Elementor Website Builder
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-0575
CVE-2024-55591
CVE-2024-41742
com.transsion.carlcare
CVE-2024-57926
code injection
CVE-2024-12365
tenda
insecure direct object reference
CVE-2024-13433
tduck-platform
code-projects
XML injection
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »