wordpress wordpress 2.8 vulnerabilities and exploits
NA
CVE-2022-4791
The Product Slider and Carousel with Category for WooCommerce WordPress plugin prior to 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Essentialplugin Product Slider And Carousel With Category With Woocommerce
NA
CVE-2022-2152
The Duplicate Page and Post WordPress plugin prior to 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Duplicate Page And Post Project Duplicate Page And Post
3.5
CVSSv2
CVE-2021-24408
The Prismatic WordPress plugin prior to 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS...
Plugin-planet Prismatic
4.3
CVSSv2
CVE-2021-24409
The Prismatic WordPress plugin prior to 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged-in administrator.
Plugin-planet Prismatic
4.3
CVSSv2
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and prior to 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted c...
Jquery Jquery
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Drupal Drupal
Oracle Weblogic Server 12.1.3.0.0
Oracle Hyperion Financial Reporting 11.1.2.4
Oracle Weblogic Server 12.2.1.3.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Operations Monitor 3.4
Oracle Weblogic Server 12.2.1.4.0
Oracle Webcenter Sites 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Communications Interactive Session Recorder
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Element Manager 8.1.1
Oracle Application Express
Oracle Rest Data Services 12.2.0.1
Oracle Rest Data Services 12.1.0.2
13 Github repositories
4.3
CVSSv2
CVE-2016-10980
The kento-post-view-counter plugin up to and including 2.8 for WordPress has XSS via kento_pvc_geo.
Kentothemes Kento-post-view-counter
4.3
CVSSv2
CVE-2016-10981
The kento-post-view-counter plugin up to and including 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.
Kentothemes Kento-post-view-counter
6.8
CVSSv2
CVE-2016-10982
The kento-post-view-counter plugin up to and including 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.
Kentothemes Kento-post-view-counter
7.5
CVSSv2
CVE-2019-15322
The shortcode-factory plugin prior to 2.8 for WordPress has Local File Inclusion.
Wpmadeasy Shortcode Factory
7.5
CVSSv2
CVE-2015-2065
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin prior to 2.8 for WordPress allows remote malicious users to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
Apptha Wordpress Video Gallery
1 EDB exploit