Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.7 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2013-10023
A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql in...
Editorial Calendar Project Editorial Calendar
8.8
CVSSv3
CVE-2023-5099
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions a...
Jonashjalmarsson Html Filter And Csv-file Search
8.8
CVSSv3
CVE-2023-1597
The tagDiv Cloud Library WordPress plugin prior to 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by ...
Tagdiv Cloud Library
8.8
CVSSv3
CVE-2022-37411
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress.
Captcha Code Project Captcha Code
8.8
CVSSv3
CVE-2015-9454
The smooth-slider plugin prior to 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
Slidervilla Smooth Slider
6.1
CVSSv3
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and prior to 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted c...
Jquery Jquery
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Drupal Drupal
Oracle Weblogic Server 12.1.3.0.0
Oracle Hyperion Financial Reporting 11.1.2.4
Oracle Weblogic Server 12.2.1.3.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Operations Monitor 3.4
Oracle Weblogic Server 12.2.1.4.0
Oracle Webcenter Sites 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Communications Interactive Session Recorder
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Element Manager 8.1.1
Oracle Application Express
Oracle Rest Data Services 12.2.0.1
Oracle Rest Data Services 12.1.0.2
13 Github repositories
6.1
CVSSv3
CVE-2016-10990
The wp-cerber plugin prior to 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.
Wpcerber Cerber Security Antispam \\& Malware Scan
6.1
CVSSv3
CVE-2019-6780
The Wise Chat plugin prior to 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
Kaine Wise Chat
1 EDB exploit
5.7
CVSSv3
CVE-2021-24752
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin prior to 1.9, To Top WordPress plugin prior to 2.3,...
Catchplugins Catch Scroll Progress Bar
Catchplugins Catch Sticky Menu
Catchplugins Catch Themes Demo Import
Catchplugins Catch Under Construction
Catchplugins Catch Web Tools
Catchplugins Essential Content Types
Catchplugins Generate Child Theme
Catchplugins Header Enhancement
Catchplugins To Top
Catchplugins Essential Widgets
5.4
CVSSv3
CVE-2023-5096
The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes...
Jonashjalmarsson Html Filter And Csv-file Search
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »