Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.6.2 vulnerabilities and exploits
(subscribe to this query)
9
CVSSv3
CVE-2021-24922
The Pixel Cat WordPress plugin prior to 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow malicious user to make a logged in admin change them and perform Cross-Site Scripting attacks
Fatcatapps Pixel Cat
8.8
CVSSv3
CVE-2016-10882
The google-document-embedder plugin prior to 2.6.2 for WordPress has CSRF.
Google Doc Embedder Project Google Doc Embedder
7.5
CVSSv3
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.9.10
Wp-rocket Wp-rocket 2.9.9
Wp-rocket Wp-rocket 2.9.8.1
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.8.17
Wp-rocket Wp-rocket 2.8.16
Wp-rocket Wp-rocket 2.8.15
Wp-rocket Wp-rocket 2.8.1
Wp-rocket Wp-rocket 2.8.0
Wp-rocket Wp-rocket 2.7.4
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.6.7
Wp-rocket Wp-rocket 2.6.6
Wp-rocket Wp-rocket 2.6.5
Wp-rocket Wp-rocket 2.6.4
Wp-rocket Wp-rocket 2.5.3
Wp-rocket Wp-rocket 2.5.2
Wp-rocket Wp-rocket 2.5.1
Wp-rocket Wp-rocket 2.5.0
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.3.0
6.5
CVSSv3
CVE-2024-3553
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticate...
6.5
CVSSv3
CVE-2023-2405
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated malicious users to mod...
Vcita Crm And Lead Management By Vcita
6.5
CVSSv3
CVE-2020-9514
An issue exists in the IMPress for IDX Broker plugin prior to 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts ...
Idxbroker Impress For Idx Broker
6.1
CVSSv3
CVE-2021-25027
The PowerPack Addons for Elementor WordPress plugin prior to 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
Ideabox Powerpack Addons For Elementor
6.1
CVSSv3
CVE-2016-10881
The google-document-embedder plugin prior to 2.6.2 for WordPress has XSS.
Google Doc Embedder Project Google Doc Embedder
5.4
CVSSv3
CVE-2023-2404
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...
Vcita Crm And Lead Management By Vcita
5.4
CVSSv3
CVE-2020-11512
Stored XSS in the IMPress for IDX Broker WordPress plugin prior to 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_reca...
Idxbroker Impress For Idx Broker
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »