wordpress wordpress 1.0 vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-4117
The IWS WordPress plugin up to and including 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.
Iws-geo-form-fields Project Iws-geo-form-fields
9.8
CVSSv3
CVE-2021-24223
The N5 Upload Form WordPress plugin up to and including 1.0 suffers from an arbitrary file upload issue in pages where a form from the plugin is embedded, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), howeve...
9.8
CVSSv3
CVE-2019-9618
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
Gracemedia Media Player Project Gracemedia Media Player 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-5315
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
Wp Events Calendar Project Wp Events Calendar 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2017-1002027
Vulnerability in WordPress plugin rk-responsive-contact-form v1.0: the variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
Rayanehdownload Rk-responsive-contact-form 1.0
9.8
CVSSv3
CVE-2017-1002028
Vulnerability in WordPress plugin wordpress-gallery-transformation v1.0: SQL injection in ./wordpress-gallery-transformation/gallery.php via the $jpic parameter, which is not sanitized before being passed into an SQL query.
Angrybyte Gallery-transformation 1.0
9.8
CVSSv3
CVE-2017-6095
A SQL injection issue exists in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
Mail-masta Project Mail-masta 1.0
1 EDB exploit
9.1
CVSSv3
CVE-2016-1000112
Unauthenticated remote .jpg file upload in the contus-video-comments v1.0 WordPress plugin.
Contussupport Contus-video-comments 1.0
8.8
CVSSv3
CVE-2023-6532
The WP Blogs' Planetarium WordPress plugin up to and including 1.0 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack.
Wp-blogs-planetarium Project Wp-blogs-planetarium
8.8
CVSSv3
CVE-2023-5820
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated malicious users to upload arbitrary fi...
I13websolution Thumbnail Slider With Lightbox 1.0