Vulmon
wordpress wordpress 1.6 vulnerabilities and exploits
NA
CVE-2024-25594
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS. This issue affects MyWaze: from n/a up to and including 1.6.
NA
CVE-2023-7167
The Persian Fonts WordPress plugin up to and including 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
5.4
CVSSv3
CVE-2023-46066
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay – Media Library Folders plugin <= 1.6 versions.
Codedraft Mediabay - Wordpress Media Library Folders
5.4
CVSSv3
CVE-2023-4838
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and ...
Plugin-planet Simple Download Counter
5.4
CVSSv3
CVE-2023-1403
The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to ...
Weavertheme Weaver Xtreme Theme
5.4
CVSSv3
CVE-2023-1404
The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions ...
Weavertheme Weaver Show Posts
4.8
CVSSv3
CVE-2023-0423
The WordPress Amazon S3 Plugin WordPress plugin prior to 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Wordpress Amazon S3 Project Wordpress Amazon S3
4.8
CVSSv3
CVE-2022-3831
The reCAPTCHA WordPress plugin up to and including 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mul...
Recaptcha Project Recaptcha
6.1
CVSSv3
CVE-2022-2181
The Advanced WordPress Reset WordPress plugin prior to 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
Sigmaplugin Advanced Wordpress Reset
5.4
CVSSv3
CVE-2017-20108
A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting...
Easy Table Project Easy Table