Vulmon
wordpress wordpress 3.2.1 vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-20973
The companion-auto-update plugin prior to 3.2.1 for WordPress has local file inclusion.
Codeermeneer Companion Auto Update
8.8
CVSSv3
CVE-2021-4394
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated malicious users to update cu...
Goldplugins Locations
8.8
CVSSv3
CVE-2023-2628
The KiviCare WordPress plugin prior to 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow malicious users to make logged-in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete ...
Iqonic Kivicare
8.8
CVSSv3
CVE-2021-24804
The Simple JWT Login WordPress plugin prior to 3.2.1 does not have nonce checks when saving its settings, allowing malicious users to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which c...
Simple Jwt Login Project Simple Jwt Login
8.8
CVSSv3
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.p...
Accesspressthemes Access Demo Importer
Accesspressthemes Eightstore-lite
Accesspressthemes Enlighten
Accesspressthemes Fotography
Accesspressthemes Opstore
Accesspressthemes Parallaxsome
Accesspressthemes Punte
Accesspressthemes Revolve
Accesspressthemes Ripple
Accesspressthemes Sakala
Accesspressthemes Scrollme
Accesspressthemes Storevilla
Accesspressthemes Swing-lite
Accesspressthemes The100
Accesspressthemes Accesspress-lite
Accesspressthemes The-launcher
Accesspressthemes The-monday
Accesspressthemes Ultra-seven
Accesspressthemes Uncode-lite
Accesspressthemes Vmag
Accesspressthemes Vmagazine-lite
Accesspressthemes Vmagazine-news
8.8
CVSSv3
CVE-2018-20972
The companion-auto-update plugin prior to 3.2.1 for WordPress has CSRF.
Codeermeneer Companion Auto Update
8.8
CVSSv3
CVE-2019-14216
An issue exists in the svg-vector-icon-plugin (aka WP SVG Icons) plugin up to and including 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
Wp Svg Icons Project Wp Svg Icons
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 GitHub repositories
7.2
CVSSv3
CVE-2021-24483
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin prior to 3.2.1 did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in ...
Ays-pro Poll Maker
6.5
CVSSv3
CVE-2023-2623
The KiviCare WordPress plugin prior to 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low-privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users.
Iqonic Kivicare