Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
patreon patreon wordpress vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-20984
The patreon-connect plugin prior to 1.2.2 for WordPress has Object Injection.
Patreon Patreon Wordpress
NA
CVE-2023-41129
Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a up to and including 1.8.6.
Patreon Patreon Wordpress
312
VMScore
CVE-2021-25026
The Patreon WordPress plugin prior to 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Patreon Patreon Wordpress
383
VMScore
CVE-2021-24231
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin prior to 1.7.0, allowing malicious users to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.
605
VMScore
CVE-2021-24228
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin prior to 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. U...
605
VMScore
CVE-2021-24229
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin prior to 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachme...
445
VMScore
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin prior to 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains dat...
516
VMScore
CVE-2021-24230
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin prior to 1.7.0, allowing malicious users to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started