wordpress wordpress 2.3 vulnerabilities and exploits
7.5
CVSSv3
CVE-2015-9406
Directory traversal vulnerability in the mTheme-Unus theme prior to 2.3 for WordPress allows a malicious user to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
Mtheme-unus Project Mtheme-unus
8.8
CVSSv3
CVE-2021-24755
The myCred WordPress plugin prior to 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Mycred Mycred
4.3
CVSSv3
CVE-2023-4297
The Mmm Simple File List WordPress plugin up to and including 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.
Mediamanifesto Mmm Simple File List
NA
CVE-2014-4518
Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the width parameter.
D-coda Contactme
9.8
CVSSv3
CVE-2020-36718
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated malicious users to inject a PHP Objec...
Ninjateam Gpdr Ccpa Compliance Support
4.8
CVSSv3
CVE-2021-24592
The Sitewide Notice WP WordPress plugin prior to 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Yoohooplugins Sitewide Notice
NA
CVE-2015-5482
Directory traversal vulnerability in the GD bbPress Attachments plugin prior to 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
Dev4press Gd Bbpress Attachments
6.1
CVSSv3
CVE-2022-3415
The Chat Bubble WordPress plugin prior to 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated malicious users to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin views the related contact message.
Bluecoral Chat Bubble
NA
CVE-2015-5481
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin prior to 2.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
Dev4press Gd Bbpress Attachments
6.1
CVSSv3
CVE-2015-9505
The Easy Digital Downloads (EDD) core component 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7 for WordPress has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads