Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
Docs
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
about-me vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-36387
Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress.
Alessio Caiazza About Me (wordpress Plugin)
About-me Project About-me
8.8
CVSSv3
CVE-2023-25474
Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions.
Csaba Kissi About Me 3000 Widget
About Me 3000 Widget Project About Me 3000 Widget
4.8
CVSSv3
CVE-2023-3369
The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator...
D3wp About Me 3000 Widget
Wpmaniax About Me 3000
4.3
CVSSv2
CVE-2012-6557
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote malicious users to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/...
Zodiacdm Aboutme-plugin 1.1.1
1 EDB exploit
3.5
CVSSv2
CVE-2013-3920
Cross-site scripting (XSS) vulnerability in Jahia xCM prior to 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.
Jahia Jahia Xcm
5.4
CVSSv3
CVE-2024-36775
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page.
Monstra Monstra Cms 3.0.4
Monstra Monstra 3.0.4
4.6
CVSSv3
CVE-2024-57041
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote malicious users to store arbitrary code in the 'about me' section of their profile.
5.4
CVSSv3
CVE-2024-3747
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...
Creativethemes Blocksy
5.4
CVSSv3
CVE-2021-24443
The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin prior to 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be...
Unknown Youzify – Buddypress Community, User Profile, Social Network & Membership Plugin For Wordpress
Kainelabs Youzify
NA
CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, ...
1 Github repository
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
ruoyi-ai
CVE-2025-6417
CVE-2025-6362
aquatronica
infosphere information server
arbitrary code
validation
IMAP
winrar
CVE-2025-6018
CVE-2025-6402
CVE-2025-6447
CVE-2025-4275
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »
Vulmon