validated plugin project validated plugin vulnerabilities and exploits
4.3
CVSSv2
CVE-2014-4564
Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the slug parameter.
Validated Plugin Project Validated Plugin
8.5
CVSSv2
CVE-2013-1916
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not yet been approved.
User Photo Project User Photo 0.9.4
1 EDB exploit
6.5
CVSSv2
CVE-2021-24391
An editid GET parameter of the Cashtomer WordPress plugin up to and including 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Cashtomer Project Cashtomer
6.5
CVSSv2
CVE-2021-24393
A c GET parameter of the Comment Highlighter WordPress plugin up to and including 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Comment Highlighter Project Comment Highlighter
6.5
CVSSv2
CVE-2021-24390
A proid GET parameter of the WordPress???Alipay|???Tenpay|??PayPal???? WordPress plugin up to and including 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.
Alipay Project Alipay
6.5
CVSSv2
CVE-2021-24394
An id GET parameter of the Easy Testimonial Manager WordPress plugin up to and including 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Easy Testimonial Manager Project Easy Testimonial Manager
6.5
CVSSv2
CVE-2021-24403
The Orders functionality in the WordPress Page Contact plugin up to and including 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as cont...
Wpagecontact Project Wpagecontact
6.5
CVSSv2
CVE-2021-24400
The Edit Role functionality in the Display Users WordPress plugin up to and including 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Wp-display-users Project Wp-display-users
6.5
CVSSv2
CVE-2021-24401
The Edit domain functionality in the WP Domain Redirect WordPress plugin up to and including 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Wp-domain-redirect Project Wp-domain-redirect
5
CVSSv2
CVE-2022-0214
The Custom Popup Builder WordPress plugin prior to 1.3.1 autoloads data from its popup on every page. As such data can be sent by unauthenticated users and is not validated in length, this could cause a denial of service on the blog.
Custom Popup Builder Project Custom Popup Builder