Vulmon
wordpress wordpress 1.2.3 vulnerabilities and exploits
6.4
CVSSv3
CVE-2024-5162
The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...
4.9
CVSSv3
CVE-2024-0697
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator pri...
Softaculous Backuply
9.8
CVSSv3
CVE-2022-40700
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP –...
Millionclues Admin Css Mu
Deano Amp Toolbox
Unihost Confirm Data
Agence-press Css Adder
Millionclues Custom Login Admin Front-end Css
Montonio Montonio For Woocommerce
Frumph Phpfreechat
Designmodo Qards
Paulclark Styles
Squidesma Theme Minifier
Longwatchstudio Woosupply
Longwatchstudio Woovip
Longwatchstudio Woovirtualwallet
Arcstone Amo For Wp - Membership Management
Wpopal Wpopal Core Features
5.4
CVSSv3
CVE-2023-4757
The Staff / Employee Business Directory for Active Directory WordPress plugin prior to 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious jav...
Miniorange Staff / Employee Business Directory For Active Directory
6.1
CVSSv3
CVE-2024-0239
The Contact Form 7 Connector WordPress plugin prior to 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.
Ari-soft Contact Form 7 Connector
4.9
CVSSv3
CVE-2023-4505
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with...
Miniorange Staff / Employee Business Directory For Active Directory
4.3
CVSSv3
CVE-2023-2351
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with ...
Wpdirectorykit Wp Directory Kit
5.3
CVSSv3
CVE-2023-2280
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated malicious us...
Wpdirectorykit Wp Directory Kit
6.1
CVSSv3
CVE-2023-2835
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious ...
Wpdirectorykit Wp Directory Kit
4.3
CVSSv3
CVE-2023-1870
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated malicious users to change the plugin...
Plugin Yourchannel