Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.0.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3071
The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level ...
NA
CVE-2024-3058
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make logged in admin add Stored XSS payloads via a CSRF attack
NA
CVE-2024-3059
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have CSRF checks in some places, which could allow malicious users to make logged in admins delete arbitrary Campaigns via a CSRF attack
NA
CVE-2024-3060
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks
NA
CVE-2023-6067
The WP User Profile Avatar WordPress plugin up to and including 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stor...
NA
CVE-2023-6384
The WP User Profile Avatar WordPress plugin prior to 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar
Wp-eventmanager User Profile Avatar
NA
CVE-2023-51700
Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. before 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifi...
Jamieblomerus Unofficial Mobile Bankid Integration
NA
CVE-2023-5141
The BSK Contact Form 7 Blacklist WordPress plugin up to and including 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Bannersky Bsk Contact Form 7 Blacklist
NA
CVE-2023-5668
The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
Firecask Whatsapp Share Button
NA
CVE-2023-5538
The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to injec...
Mrpeng Mpoperationlogs
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »