Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.0.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3071
The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level ...
NA
CVE-2024-3058
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make logged in admin add Stored XSS payloads via a CSRF attack
NA
CVE-2024-3059
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have CSRF checks in some places, which could allow malicious users to make logged in admins delete arbitrary Campaigns via a CSRF attack
NA
CVE-2024-3060
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks
NA
CVE-2023-6067
The WP User Profile Avatar WordPress plugin up to and including 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stor...
4.3
CVSSv3
CVE-2023-6384
The WP User Profile Avatar WordPress plugin prior to 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar
Wp-eventmanager User Profile Avatar
9.8
CVSSv3
CVE-2023-51700
Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. before 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifi...
Jamieblomerus Unofficial Mobile Bankid Integration
6.1
CVSSv3
CVE-2023-5141
The BSK Contact Form 7 Blacklist WordPress plugin up to and including 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Bannersky Bsk Contact Form 7 Blacklist
5.4
CVSSv3
CVE-2023-5668
The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
Firecask Whatsapp Share Button
6.1
CVSSv3
CVE-2023-5538
The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to injec...
Mrpeng Mpoperationlogs
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »