Vulmon
wordpress wordpress 2.0.4 vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-24353
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin prior to 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects.
Wpdeveloper Simple 301 Redirects
4.8
CVSSv3
CVE-2021-24482
The Related Posts for WordPress plugin up to and including 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.
Never5 Related Posts
6.1
CVSSv3
CVE-2022-0346
The XML Sitemap Generator for Google WordPress plugin prior to 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
Xmlsitemapgenerator Xml Sitemap Generator
5.4
CVSSv3
CVE-2021-24883
The Popup Anything WordPress plugin prior to 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Essentialplugin Popup Anything
8.8
CVSSv3
CVE-2021-24354
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin prior to 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.
Wpdeveloper Simple 301 Redirects
NA
CVE-2011-5304
Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin prior to 2.0.4 for WordPress allow remote malicious users to inject arbitrary web script or HTML via (1) the poll_id parameter to customizer.php or (2) the customize parameter to poll.php.
Sodahead Sodahead Polls
8.8
CVSSv3
CVE-2021-24356
In the Simple 301 Redirects by BetterLinks WordPress plugin prior to 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on v...
Wpdeveloper Simple 301 Redirects
1 Github repository
5.3
CVSSv3
CVE-2023-6963
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated malicious users to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-...
Motopress Getwid - Gutenberg Blocks
4.8
CVSSv3
CVE-2022-3836
The Seed Social WordPress plugin prior to 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite ...
Seedwebs Seed Social
4.8
CVSSv3
CVE-2022-3610
The Jeeng Push Notifications WordPress plugin prior to 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example ...
Jeeng Push Notifications Project Jeeng Push Notifications