Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
taurus omar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1890
The Tablesome WordPress plugin prior to 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting
Pauple Tablesome
NA
CVE-2023-1893
The Login Configurator WordPress plugin up to and including 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
Login Configurator Project Login Configurator
NA
CVE-2023-2029
The PrePost SEO WordPress plugin up to and including 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite s...
Enzipe Prepost Seo
312
VMScore
CVE-2022-1153
The LayerSlider WordPress plugin prior to 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Layslider Layslider
383
VMScore
CVE-2022-0901
The Ad Inserter Free and Pro WordPress plugins prior to 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
Ad Inserter Project Ad Inserter
383
VMScore
CVE-2022-0953
The Anti-Malware Security and Brute-Force Firewall WordPress plugin prior to 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
Download Anti-malware Security And Brute-force Firewall Project Download Anti-malware Security And Brute-force Firewall
312
VMScore
CVE-2022-0994
The Hummingbird WordPress plugin prior to 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Incsub Hummingbird
312
VMScore
CVE-2022-1001
The WP Downgrade WordPress plugin prior to 1.2.3 only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfi...
Wp Downgrade Project Wp Downgrade
NA
CVE-2023-2601
The wpbrutalai WordPress plugin prior to 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.
Wp Brutal Ai Project Wp Brutal Ai
NA
CVE-2023-2606
The WP Brutal AI WordPress plugin prior to 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite ...
Brutalplugins Wp Brutal Ai
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »