Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.5 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-36878
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for malicious users to update settings.
Stylemixthemes Ulisting
6.5
CVSSv3
CVE-2021-36877
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for malicious users to modify user roles.
Stylemixthemes Ulisting
8.8
CVSSv3
CVE-2021-36876
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.
Stylemixthemes Ulisting
4.8
CVSSv3
CVE-2021-36875
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date].
Stylemixthemes Ulisting
4.3
CVSSv3
CVE-2022-40205
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
Gvectors Wpforo Forum
4.3
CVSSv3
CVE-2022-40206
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
Gvectors Wpforo Forum
6.1
CVSSv3
CVE-2015-9505
The Easy Digital Downloads (EDD) core component 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7 for WordPress has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
6.1
CVSSv3
CVE-2021-24941
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin prior to 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue
Icegram Icegram
9.8
CVSSv3
CVE-2019-6703
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin up to and including 2.0.5 for WordPress allows unauthenticated malicious users to update arbitrary WordPress option values, leading to site takeover. These attackers can send reques...
Calmar-webmedia Total Donations
6.1
CVSSv3
CVE-2015-9515
The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Htaccess Editor -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »