Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web-dorado vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-8584
Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Web-dorado Web-dorado Spider Video Player 1.4.7
Web-dorado Web-dorado Spider Video Player 1.5.1
Web-dorado Web-dorado Spider Video Player 1.4.9
Web-dorado Web-dorado Spider Video Player 1.5
Web-dorado Web-dorado Spider Video Player 1.4.8
5.8
CVSSv2
CVE-2015-4352
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote malicious users to hijack the authentication of administrators for requests that delete videos via unspecified vectors.
Web-dorado Web-dorado Spider Video Player -
4.9
CVSSv2
CVE-2015-4351
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
Web-dorado Web-dorado Spider Video Player
NA
CVE-2023-46619
Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Web-dorado Wdsocialwidgets
NA
CVE-2023-46090
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Web-dorado Wdsocialwidgets
NA
CVE-2023-48320
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a up to and including 1.5.22.
Web-dorado Spidervplayer
NA
CVE-2023-45632
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions.
Web-dorado Spidervplayer
6.5
CVSSv2
CVE-2021-24625
The SpiderCatalog WordPress plugin up to and including 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category
Web-dorado Spidercatalog
4.3
CVSSv2
CVE-2015-1582
Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin prior to 1.0.11 for WordPress allow (1) remote malicious users to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to in...
Web-dorado Spider Facebook
3.5
CVSSv2
CVE-2021-24426
The Backup by 10Web – Backup and Restore Plugin WordPress plugin up to and including 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
Web-dorado Backup-wd
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »