Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-18605
The gravitate-qa-tracker plugin up to and including 1.2.1 for WordPress has PHP Object Injection.
Gravitatedesign Gravitate Qa Tracker
9.8
CVSSv3
CVE-2018-21013
The Swape theme prior to 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.
Upperthemes Swape
9.8
CVSSv3
CVE-2015-7670
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin prior to 1.2.1 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) user or (2) id parameter.
Support Ticket System Project Support Ticket System
9.8
CVSSv3
CVE-2017-14125
SQL injection vulnerability in the Responsive Image Gallery plugin prior to 1.2.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
Wpdevart Responsive Image Gallery Gallery Album
8.8
CVSSv3
CVE-2023-6996
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on ...
Vegacorp Display Custom Fields In The Frontend - Post And User Profile Fields
8.8
CVSSv3
CVE-2023-4311
The Vrm 360 3D Model Viewer WordPress plugin up to and including 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.
Maurice Vrm360
8.8
CVSSv3
CVE-2023-5776
The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This...
Wpexpertplugins Post Meta Data Manager
8.8
CVSSv3
CVE-2021-4349
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated malicious users to conduct unspecified attacks via forged request granted they can trick a site...
Coolplugins Process Steps Template Designer
8.8
CVSSv3
CVE-2023-28661
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
Accesspressthemes Wp Popup Banners 1.2.3
Accesspressthemes Wp Popup Banners 1.2.4
Accesspressthemes Wp Popup Banners 1.2.2
Accesspressthemes Wp Popup Banners 1.2.1
Accesspressthemes Wp Popup Banners 1.2.0
Accesspressthemes Wp Popup Banners 1.1.9
Accesspressthemes Wp Popup Banners 1.1.8
Accesspressthemes Wp Popup Banners 1.1.7
Accesspressthemes Wp Popup Banners 1.1.6
Accesspressthemes Wp Popup Banners 1.1.5
Accesspressthemes Wp Popup Banners 1.1.4
Accesspressthemes Wp Popup Banners 1.1.3
Accesspressthemes Wp Popup Banners 1.1.2
Accesspressthemes Wp Popup Banners 1.1.1
Accesspressthemes Wp Popup Banners 1.1.0
Accesspressthemes Wp Popup Banners 1.0.9
Accesspressthemes Wp Popup Banners 1.0.8
Accesspressthemes Wp Popup Banners 1.0.7
Accesspressthemes Wp Popup Banners 1.0.6
Accesspressthemes Wp Popup Banners 1.0.5
Accesspressthemes Wp Popup Banners 1.0.4
Accesspressthemes Wp Popup Banners 1.0.3
8.8
CVSSv3
CVE-2022-2245
The Counter Box WordPress plugin prior to 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow malicious users to make a logged in admin perform such actions via CSRF attacks
Wow-company Counter Box
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »