Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5.1 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-4888
The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po...
Illia Simple Like Page
6.1
CVSSv3
CVE-2023-2813
All of the above Aapna WordPress theme up to and including 1.3, Anand WordPress theme up to and including 1.2, Anfaust WordPress theme up to and including 1.1, Arendelle WordPress theme prior to 1.1.13, Atlast Business WordPress theme up to and including 1.5.8.5, Bazaar Lite Word...
Saumendra Aapna
Saumendra Anand
Thewebhunter Anfaust
Deothemes Arendelle
Archimidismertzanos Atlast Business
Themeinprogress Bazaar Lite
Arthousewebdesign Brain Power
Yws Bunnypress Lite
Ayecode Cafe Bistro
Ayecode College
Omarfolgheraiter Digitally
Henleythemes Counterpoint
Ajaydsouza Connections Reloaded
Competethemes Drop
Ayecode Directory
Deothemes Everse
Archimidismertzanos Fashionable Store
Marchettidesign Fullbase
Dotecsa Ilex
Jinwen Js O3 Lite
Climaxthemes Kata
Jinwen Js Paper
6.1
CVSSv3
CVE-2023-2362
The Float menu WordPress plugin prior to 5.0.2, Bubble Menu WordPress plugin prior to 3.0.4, Button Generator WordPress plugin prior to 2.3.5, Calculator Builder WordPress plugin prior to 1.5.1, Counter Box WordPress plugin prior to 1.2.2, Floating Button WordPress plugin prior t...
Wow-company Button Generator
Wow-company Bubble Menu
Wow-company Float Menu
Wow-company Wp Coder
Wow-company Wow Skype Buttons
Wow-company Sticky Buttons
Wow-company Side Menu Lite
Wow-company Herd Effects
Wow-company Floating Button
Wow-company Counter Box
Wow-company Calculator-builder
Wow-company Popup Box
9.8
CVSSv3
CVE-2020-36727
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially mak...
Xyzscripts Newsletter Manager
8.8
CVSSv3
CVE-2022-47161
Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.
Wordpress Health Check & Troubleshooting
5.4
CVSSv3
CVE-2022-4715
The Structured Content WordPress plugin prior to 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be us...
Wpsc-plugin Structured Content
8.8
CVSSv3
CVE-2022-42699
Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.
Wp-ecommerce Easy Wp Smtp
6.5
CVSSv3
CVE-2022-45833
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.
Wp-ecommerce Easy Wp Smtp
8.1
CVSSv3
CVE-2022-45829
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress.
Wp-ecommerce Easy Wp Smtp
4.8
CVSSv3
CVE-2022-3839
The Analytics for WP WordPress plugin up to and including 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for examp...
Analytics For Wp Project Analytics For Wp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »