Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24762
The Perfect Survey WordPress plugin prior to 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
Getperfectsurvey Perfect Survey
1 Github repository
9.8
CVSSv3
CVE-2021-24215
An Improper Access Control vulnerability exists in the Controlled Admin Access WordPress plugin prior to 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a comple...
Wpruby Controlled Admin Access
9.8
CVSSv3
CVE-2018-16613
An issue exists in the update function in the wpForo Forum plugin prior to 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.
Gvectors Wpforo Forum
9.8
CVSSv3
CVE-2017-1002012
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
Anblik Image-gallery-with-slideshow 1.5.2
9.8
CVSSv3
CVE-2017-1002013
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.
Anblik Image-gallery-with-slideshow 1.5.2
9.8
CVSSv3
CVE-2017-1002014
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
Anblik Image-gallery-with-slideshow 1.5.2
9.8
CVSSv3
CVE-2017-1002015
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.
Anblik Image-gallery-with-slideshow 1.5.2
8.8
CVSSv3
CVE-2023-1509
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmace_manager_server function called via the wp_ajax_gmace_manager AJAX action. This makes it possible for unauthenti...
Gmace Project Gmace
8.8
CVSSv3
CVE-2021-24763
The Perfect Survey WordPress plugin prior to 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this coul...
Getperfectsurvey Perfect Survey
8.8
CVSSv3
CVE-2021-24190
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin prior to 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activat...
Wp-buy Conditional Marketing Mailer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »