Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
patreon patreon wordpress vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-20984
The patreon-connect plugin prior to 1.2.2 for WordPress has Object Injection.
Patreon Patreon Wordpress
8.8
CVSSv3
CVE-2023-41129
Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a up to and including 1.8.6.
Patreon Patreon Wordpress
5.5
CVSSv3
CVE-2021-25026
The Patreon WordPress plugin prior to 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Patreon Patreon Wordpress
6.5
CVSSv3
CVE-2021-24231
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin prior to 1.7.0, allowing malicious users to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.
9.6
CVSSv3
CVE-2021-24228
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin prior to 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. U...
9.6
CVSSv3
CVE-2021-24229
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin prior to 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachme...
7.5
CVSSv3
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin prior to 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains dat...
8.1
CVSSv3
CVE-2021-24230
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin prior to 1.7.0, allowing malicious users to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started