Vulmon
wordpress wordpress 2.0 vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-5362
The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attri...
Spicethemes Carousel, Recent Post Slider And Banner Slider
5.4
CVSSv3
CVE-2022-27859
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 for WordPress.
Nicdark Nd-travel
5.4
CVSSv3
CVE-2019-14796
The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.
Mq-woocommerce-products-price-bulk-edit Project Mq-woocommerce-products-price-bulk-edit 2.0
5.4
CVSSv3
CVE-2018-17140
The Quizlord plugin up to and including 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
Vms-studio Quizlord
4.8
CVSSv3
CVE-2023-5005
The Autocomplete Location field Contact Form 7 WordPress plugin prior to 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin prior to 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro...
Codesmade Autocomplete Location Field Contact Form 7
4.8
CVSSv3
CVE-2022-4112
The Quizlord WordPress plugin up to and including 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mult...
Vms-studio Quizlord
4.8
CVSSv3
CVE-2022-2340
The W-DALIL WordPress plugin up to and including 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite se...
W-dalil Project W-dalil
4.8
CVSSv3
CVE-2022-1294
The IMDB info box WordPress plugin up to and including 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
99webtools Imdb Info Box
NA
CVE-2023-6799
The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated malicious users t...
NA
CVE-2015-2218
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin prior to 2.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) item[name] or (2) item...
Magic Hills Wonderplugin Audio Player
1 EDB exploit