Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-10122
A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to ve...
Wp Donate Project Wp Donate
9.8
CVSSv3
CVE-2023-2704
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated mali...
Vibethemes Bp Social Connect
9.8
CVSSv3
CVE-2022-36427
Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress.
About-rentals Project About-rentals
9.8
CVSSv3
CVE-2019-15819
The nd-restaurant-reservations plugin prior to 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication.
Restaurant Reservations Project Restaurant Reservations
9.8
CVSSv3
CVE-2007-6013
Wordpress 1.5 up to and including 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows malicious users to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Wordpress Wordpress
Fedoraproject Fedora 8
Fedoraproject Fedora 7
8.8
CVSSv3
CVE-2015-9475
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
Pont Project Pont 1.5
8.8
CVSSv3
CVE-2015-9446
The unite-gallery-lite plugin prior to 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
Unitegallery Unite Gallery Lite
8.8
CVSSv3
CVE-2015-9445
The unite-gallery-lite plugin prior to 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
Unitegallery Unite Gallery Lite
8.8
CVSSv3
CVE-2014-10381
The user-domain-whitelist plugin prior to 1.5 for WordPress has CSRF.
User Domain Whitelist Project User Domain Whitelist
8.8
CVSSv3
CVE-2017-9603
SQL injection vulnerability in the WP Jobs plugin prior to 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
Intensewp Wp Jobs
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »