Vulmon
wordpress wordpress 1.2 vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-4393
The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticate...
9.8
CVSSv3
CVE-2023-6272
The Theme My Login 2FA WordPress plugin prior to 1.2 does not rate limit 2FA validation attempts, which may allow a malicious user to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.
Thememylogin 2fa
9.8
CVSSv3
CVE-2005-10002
A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to ver...
Wp-plugins Secure Files
9.8
CVSSv3
CVE-2019-15822
The wps-child-theme-generator plugin prior to 1.2 for WordPress has classes/helpers.php directory traversal.
Wpserveur Wps Child Theme Generator
9.1
CVSSv3
CVE-2023-49161
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a up to and including 1.2.
Guelbetech Bravo Translate
8.8
CVSSv3
CVE-2023-7074
The WP SOCIAL BOOKMARK MENU WordPress plugin up to and including 1.2 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack.
Giovambattistafazioli Wp Social Bookmark Menu
8.8
CVSSv3
CVE-2023-0766
The Newsletter Popup WordPress plugin up to and including 1.2 does not have CSRF checks in some places, which could allow malicious users to make logged-in users perform unwanted actions via CSRF attacks, as the wp_newsletter_show_localrecord page is not protected with a nonce.
Newsletter Popup Project Newsletter Popup
8.8
CVSSv3
CVE-2015-10087
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched ...
Upthemes Designfolio-plus
8.8
CVSSv3
CVE-2022-3401
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possib...
Bricksbuilder Bricks
8.8
CVSSv3
CVE-2022-2443
The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthe...
Freemind Wp Browser Project Freemind Wp Browser