Cm Wp

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-10149 1Cm Wp 1Social Slider Widget Jun 9, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...Show more The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-13338 1Cm Wp 1Clearfy Jul 8, 2025 Apr 12, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or inco...Show more The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality . This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-13337 1Cm Wp 1Clearfy Jul 8, 2025 Apr 12, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or inco...Show more The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-0717 1Cm Wp 1Social Slider Widget Jan 13, 2026 Mar 25, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 To exploit the vulnerability, it is necessary:
CVE-2024-35751 1Cm Wp 1Woody Code Snippets Apr 28, 2026 Jun 8, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issue affects Woody ad s...Show more Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issue affects Woody ad snippets: from n/a through 2.4.10.Show less
CVE-2020-36759 1Cm Wp 1Woody Code Snippets Apr 8, 2026 Oct 20, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This ma...Show more The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-0477 1Cm Wp 1Auto Featured Image Nov 21, 2024 Mar 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by...Show more The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation.Show less
CVE-2022-2877 1Cm Wp 1Titan Anti Spam & Security Nov 21, 2024 Sep 16, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.
CVE-2021-24932 1Cm Wp 1Auto Featured Image Nov 21, 2024 Dec 13, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site...Show more The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue.Show less
CVE-2021-24196 1Cm Wp 1Social Slider Widget Nov 21, 2024 Apr 5, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being san...Show more The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitizedShow less