Vulmon
wordpress wordpress 1.0.2 vulnerabilities and exploits
4.8
CVSSv3
CVE-2023-5956
The Wp-Adv-Quiz WordPress plugin up to and including 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
Markusbegerow Wp-adv-quiz
6.1
CVSSv3
CVE-2022-1618
The Coru LFMember WordPress plugin up to and including 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing malicious user to make a logged in admin add an arbitrary game with XSS payloads
Marcorulicke Coru Lfmember
7.2
CVSSv3
CVE-2023-3664
The FileOrganizer WordPress plugin up to and including 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.
Fileorganizer Fileorganizer
6.1
CVSSv3
CVE-2023-2813
All of the above Aapna WordPress theme up to and including 1.3, Anand WordPress theme up to and including 1.2, Anfaust WordPress theme up to and including 1.1, Arendelle WordPress theme prior to 1.1.13, Atlast Business WordPress theme up to and including 1.5.8.5, Bazaar Lite Word...
Saumendra Aapna
Saumendra Anand
Thewebhunter Anfaust
Deothemes Arendelle
Archimidismertzanos Atlast Business
Themeinprogress Bazaar Lite
Arthousewebdesign Brain Power
Yws Bunnypress Lite
Ayecode Cafe Bistro
Ayecode College
Omarfolgheraiter Digitally
Henleythemes Counterpoint
Ajaydsouza Connections Reloaded
Competethemes Drop
Ayecode Directory
Deothemes Everse
Archimidismertzanos Fashionable Store
Marchettidesign Fullbase
Dotecsa Ilex
Jinwen Js O3 Lite
Climaxthemes Kata
Jinwen Js Paper
6.5
CVSSv3
CVE-2022-4888
The Checkout Fields Manager WordPress plugin prior to 1.0.2, Abandoned Cart Recovery WordPress plugin prior to 1.2.5, Custom Fields for WooCommerce WordPress plugin prior to 1.0.4, Custom Order Number WordPress plugin up to and including 1.0.1, Custom Registration Forms Builder W...
Addify Order Tracking For Woocommerce
Addify Order Approval For Woocommerce
Addify Image Watermark For Woocommerce
Addify Gift Registry For Woocommerce
Addify Advanced Free Gifts
Addify Custom Registration Forms Builder
Addify Custom Order Number
Addify Custom Fields For Woocommerce
Addify Abandoned Cart Recovery
Addify Checkout Fields Manager
6.1
CVSSv3
CVE-2015-10121
A vulnerability has been found in Beeliked Microsite Plugin up to 1.0.1 on WordPress and classified as problematic. Affected by this vulnerability is the function embed_handler of the file beelikedmicrosite.php. The manipulation leads to cross site scripting. The attack can be la...
Beeliked Beeliked
4.8
CVSSv3
CVE-2023-2635
The Call Now Accessibility Button WordPress plugin prior to 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for examp...
Stpetedesign Call Now Accessibility Button 1.0.2
9.8
CVSSv3
CVE-2020-36708
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1...
Machothemes Naturemag Lite
Colorlib Sparklinkg
Machothemes Antreas
Colorlib Bonkers
Cpothemes Affluent
Cpothemes Transcend
Machothemes Regina Lite
Cpothemes Brilliance
Machothemes Medzone Lite
Colorlib Pixova Lite
Colorlib Newspaper X
Cpothemes Allegiant
Colorlib Illdy
Colorlib Activello
Machothemes Newsmag
Colorlib Shapely
8.8
CVSSv3
CVE-2023-2546
The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value...
Wp User Switch Project Wp User Switch
2 Github repositories
6.1
CVSSv3
CVE-2015-10113
A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The atta...
Woocommerce Wooframework Tweaks