Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2.2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-4271
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin prior to 2.0.47 and 2.2.x prior to 2.2.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3)...
Mark Jaquith Bad Behavior
Mark Jaquith Bad Behavior 2.2.0
Mark Jaquith Bad Behavior 2.2.1
Mark Jaquith Bad Behavior 2.2.2
Mark Jaquith Bad Behavior 2.2.3
Mark Jaquith Bad Behavior 2.2.4
Wordpress Wordpress -
7.5
CVSSv2
CVE-2021-24499
The Workreap WordPress theme prior to 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the ...
Amentotech Workreap
3 Github repositories
5
CVSSv2
CVE-2018-10363
An issue exists in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote malicious users to manipulate the values to change data such as prices.
Wpdevart Booking Calendar 2.2.2
4.3
CVSSv2
CVE-2013-1407
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin prior to 5.3.5 and Events Manager Pro plugin prior to 2.2.9 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, ...
Netweblogic Events Manager
Netweblogic Events Manager 5.3.2.1
Netweblogic Events Manager 5.3.1
Netweblogic Events Manager 5.3.2
Netweblogic Events Manager 5.3.3
Netweblogic Events Manager 5.3
Netweblogic Events Manager Pro
Netweblogic Events Manager Pro 2.2.5
Netweblogic Events Manager Pro 2.2.3
Netweblogic Events Manager Pro 2.2.8
Netweblogic Events Manager Pro 2.2.2
Netweblogic Events Manager Pro 2.2.1
Netweblogic Events Manager Pro 2.2.6
Netweblogic Events Manager Pro 2.2.4
Netweblogic Events Manager Pro 2.2
5
CVSSv2
CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin prior to 2.5.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Davistribe Google Doc Embedder
Davistribe Google Doc Embedder 2.0
Davistribe Google Doc Embedder 2.1
Davistribe Google Doc Embedder 2.2
Davistribe Google Doc Embedder 2.2.1
Davistribe Google Doc Embedder 2.2.2
Davistribe Google Doc Embedder 2.2.3
Davistribe Google Doc Embedder 2.3
Davistribe Google Doc Embedder 2.4
Davistribe Google Doc Embedder 2.4.1
Davistribe Google Doc Embedder 2.4.2
Davistribe Google Doc Embedder 2.4.3
Davistribe Google Doc Embedder 2.4.4
Davistribe Google Doc Embedder 2.4.5
Davistribe Google Doc Embedder 2.4.6
Davistribe Google Doc Embedder 2.5
Davistribe Google Doc Embedder 2.5.1
Davistribe Google Doc Embedder 2.5.2
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon prior to 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 and other products, does not properly handle control charact...
Tinymce Spellchecker Php 2.0
Tinymce Spellchecker Php 2.0.1
Tinymce Spellchecker Php 2.0.2
Tinymce Spellchecker Php 2.0.3
Tinymce Spellchecker Php 2.0.6
Moodle Moodle 2.1.2
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
10
CVSSv2
CVE-2012-3576
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin prior to 2.5.30 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads...
Jquindlen Wpstorecart
Jquindlen Wpstorecart 0.62
Jquindlen Wpstorecart 1.0.0
Jquindlen Wpstorecart 2.0.0
Jquindlen Wpstorecart 2.0.1
Jquindlen Wpstorecart 2.0.2
Jquindlen Wpstorecart 2.0.3
Jquindlen Wpstorecart 2.0.4
Jquindlen Wpstorecart 2.0.5
Jquindlen Wpstorecart 2.0.6
Jquindlen Wpstorecart 2.0.7
Jquindlen Wpstorecart 2.0.8
Jquindlen Wpstorecart 2.0.9
Jquindlen Wpstorecart 2.0.10
Jquindlen Wpstorecart 2.0.11
Jquindlen Wpstorecart 2.0.12
Jquindlen Wpstorecart 2.0.13
Jquindlen Wpstorecart 2.1.0
Jquindlen Wpstorecart 2.1.1
Jquindlen Wpstorecart 2.1.2
Jquindlen Wpstorecart 2.1.3
Jquindlen Wpstorecart 2.1.4
1 EDB exploit
4.3
CVSSv2
CVE-2013-6342
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin prior to 4.0.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
Tweet-blender Tweet-blender 3.2.2
Tweet-blender Tweet-blender 2.0.1
Tweet-blender Tweet-blender 3.3.9
Tweet-blender Tweet-blender 3.3.6
Tweet-blender Tweet-blender 3.3.15
Tweet-blender Tweet-blender 3.1.5
Tweet-blender Tweet-blender 3.0.1
Tweet-blender Tweet-blender 3.3.7
Tweet-blender Tweet-blender 3.1.12
Tweet-blender Tweet-blender 3.3.4
Tweet-blender Tweet-blender 2.4.6
Tweet-blender Tweet-blender 3.3.5
Tweet-blender Tweet-blender 3.1.7
Tweet-blender Tweet-blender 2.0.5
Tweet-blender Tweet-blender 3.3.13
Tweet-blender Tweet-blender 2.4.5
Tweet-blender Tweet-blender 3.1.8
Tweet-blender Tweet-blender 3.0.4
Tweet-blender Tweet-blender 2.3.0
Tweet-blender Tweet-blender 3.3.8
Tweet-blender Tweet-blender 3.1.10
Tweet-blender Tweet-blender 3.1.11
7.5
CVSSv2
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
Mailpoet Mailpoet Newsletters 2.0.5
1 EDB exploit
NA
CVE-2022-45369
Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.
Richplugins Plugin For Google Reviews
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »