Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpdeveloper vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-6623
The Essential Blocks WordPress plugin prior to 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
Wpdeveloper Essential Blocks
9.8
CVSSv3
CVE-2022-46809
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a up to and including 1.6.7.
Wpdeveloper Reviewx
9.8
CVSSv3
CVE-2023-4402
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated malicious users to inject a PHP Object. No POP chain is present...
Wpdeveloper Essential Blocks Pro
Wpdeveloper Essential Blocks
9.8
CVSSv3
CVE-2023-32243
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 up to and including 5.7.1.
Wpdeveloper Essential Addons For Elementor
8 Github repositories
9.8
CVSSv3
CVE-2022-0349
The NotificationX WordPress plugin prior to 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection
Wpdeveloper Notificationx
1 Github repository
9.8
CVSSv3
CVE-2022-0320
The Essential Addons for Elementor WordPress plugin prior to 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated malicious users to perform Local File Inclusion attack and read arbitrary files on the serv...
Wpdeveloper Essential Addons For Elementor
1 Github repository
8.8
CVSSv3
CVE-2023-32245
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a up to and including 5.4.8.
Wpdeveloper Essential Addons For Elementor
8.8
CVSSv3
CVE-2023-2833
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as ...
Wpdeveloper Reviewx
1 Github repository
8.8
CVSSv3
CVE-2023-26325
The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.
Wpdeveloper Reviewx
8.8
CVSSv3
CVE-2021-24352
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin prior to 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.
Wpdeveloper Simple 301 Redirects
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »