Vulmon
wordpress wordpress 2.1 vulnerabilities and exploits
4.8
CVSSv3
CVE-2022-0874
The WP Social Buttons WordPress plugin up to and including 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Wp-experts Wp Social Buttons
4.8
CVSSv3
CVE-2022-0674
The Kunze Law WordPress plugin prior to 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Kunze-medien Kunze Law
4.8
CVSSv3
CVE-2018-6194
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) prior to 2.1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the search parameter to wp-admin/...
Splashing Images Project Splashing Images
4.8
CVSSv3
CVE-2018-5667
An issue exists in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter.
Read And Understood Project Read And Understood 2.1
4.8
CVSSv3
CVE-2018-5668
An issue exists in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter.
Read And Understood Project Read And Understood 2.1
4.3
CVSSv3
CVE-2023-0761
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have a CSRF check when deleting Staff members, which could allow malicious users to make logged-in admins delete arbitrary Staff via a CSRF attack.
Infigosoftware Clock In Portal- Staff & Attendance Management
4.3
CVSSv3
CVE-2023-0762
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have a CSRF check when deleting designations, which could allow malicious users to make logged-in admins delete arbitrary designations via a CSRF attack.
Infigosoftware Clock In Portal- Staff & Attendance Management
4.3
CVSSv3
CVE-2023-0763
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have a CSRF check when deleting Holidays, which could allow malicious users to make logged-in admins delete arbitrary holidays via a CSRF attack.
Infigosoftware Clock In Portal- Staff & Attendance Management
4.3
CVSSv3
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin prior to 2.1 does not perform CSRF checks on updates to its admin page, allowing a malicious user to trick a logged-in user to manipulate ads and inject arbitrary JavaScript via submitting a form.
Tipsandtricks-hq Wp Simple Adsense Insertion
4.3
CVSSv3
CVE-2021-24776
The WP Performance Score Booster WordPress plugin prior to 2.1 does not have a CSRF check when saving its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack.
Wp Performance Score Booster Project Wp Performance Score Booster