Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.5 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-0558
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated malicious users to execute functions intended for u...
Contentstudio Contentstudio
9.8
CVSSv3
CVE-2022-0992
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA f...
Siteground Security Optimizer
9.8
CVSSv3
CVE-2022-0993
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versio...
Siteground Siteground Security
9.8
CVSSv3
CVE-2021-24236
The Imagements WordPress plugin up to and including 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated malicious users to upload arbitrary files by using a valid image Cont...
Imagements Project Imagements
8.8
CVSSv3
CVE-2023-28661
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
Accesspressthemes Wp Popup Banners 1.2.3
Accesspressthemes Wp Popup Banners 1.2.4
Accesspressthemes Wp Popup Banners 1.2.2
Accesspressthemes Wp Popup Banners 1.2.1
Accesspressthemes Wp Popup Banners 1.2.0
Accesspressthemes Wp Popup Banners 1.1.9
Accesspressthemes Wp Popup Banners 1.1.8
Accesspressthemes Wp Popup Banners 1.1.7
Accesspressthemes Wp Popup Banners 1.1.6
Accesspressthemes Wp Popup Banners 1.1.5
Accesspressthemes Wp Popup Banners 1.1.4
Accesspressthemes Wp Popup Banners 1.1.3
Accesspressthemes Wp Popup Banners 1.1.2
Accesspressthemes Wp Popup Banners 1.1.1
Accesspressthemes Wp Popup Banners 1.1.0
Accesspressthemes Wp Popup Banners 1.0.9
Accesspressthemes Wp Popup Banners 1.0.8
Accesspressthemes Wp Popup Banners 1.0.7
Accesspressthemes Wp Popup Banners 1.0.6
Accesspressthemes Wp Popup Banners 1.0.5
Accesspressthemes Wp Popup Banners 1.0.4
Accesspressthemes Wp Popup Banners 1.0.3
8.8
CVSSv3
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.p...
Accesspressthemes Access Demo Importer
Accesspressthemes Eightstore-lite
Accesspressthemes Enlighten
Accesspressthemes Fotography
Accesspressthemes Opstore
Accesspressthemes Parallaxsome
Accesspressthemes Punte
Accesspressthemes Revolve
Accesspressthemes Ripple
Accesspressthemes Sakala
Accesspressthemes Scrollme
Accesspressthemes Storevilla
Accesspressthemes Swing-lite
Accesspressthemes The100
Accesspressthemes The-launcher
Accesspressthemes The-monday
Accesspressthemes Ultra-seven
Accesspressthemes Uncode-lite
Accesspressthemes Vmag
Accesspressthemes Vmagazine-lite
Accesspressthemes Vmagazine-news
Accesspressthemes Wpparallax
8.8
CVSSv3
CVE-2014-5072
Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin prior to 1.2.5 for WordPress allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Wpsecurityauditlog Wp Security Audit Log
8.8
CVSSv3
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 2.0.1
Wpeasycart Wp Easycart 1.2.16
Wpeasycart Wp Easycart 1.2.15
Wpeasycart Wp Easycart 1.2.14
Wpeasycart Wp Easycart 1.2.13
Wpeasycart Wp Easycart 1.2.12
Wpeasycart Wp Easycart 1.2.11
Wpeasycart Wp Easycart 1.2.10
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 1.2.5
Wpeasycart Wp Easycart 1.2.4
Wpeasycart Wp Easycart 1.2.3
Wpeasycart Wp Easycart 1.2.2
Wpeasycart Wp Easycart 1.2.1
Wpeasycart Wp Easycart 1.2.0
Wpeasycart Wp Easycart 1.1.36
Wpeasycart Wp Easycart 1.1.35
Wpeasycart Wp Easycart 1.1.34
Wpeasycart Wp Easycart 1.1.33
8.8
CVSSv3
CVE-2014-9312
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
10web Photo Gallery 1.2.5
1 EDB exploit
7.5
CVSSv3
CVE-2024-0842
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated malicious...
Softaculous Backuply
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »