Vulmon
wordpress wordpress 1.6.2 vulnerabilities and exploits
NA
CVE-2024-0909
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible ...
Tarassych Anonymous Restricted Content
NA
CVE-2022-41839
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.
Wpbrigade Loginpress
NA
CVE-2022-3537
The Role Based Pricing for WooCommerce WordPress plugin prior to 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP
Addify Role Based Pricing For Woocommerce
NA
CVE-2022-2535
The SearchWP Live Ajax Search WordPress plugin prior to 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink
Searchwp Searchwp Live Ajax Search
NA
CVE-2021-244051
WordPress Easy Cookie Policy plugin version 1.6.2 suffers from persistent cross site scripting vulnerability due to a broken access control.
6.8
CVSSv2
CVE-2021-42358
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for malicious users to inject arbitrary web scripts in versions up to, and...
Contact Form With Captcha Project Contact Form With Captcha
4
CVSSv2
CVE-2021-24405
The Easy Cookies Policy WordPress plugin up to and including 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, th...
Izsoft Easy Cookies Policy
3.5
CVSSv2
CVE-2021-24313
The WP Prayer WordPress plugin prior to 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fil...
Goprayer Wp Prayer
7.8
CVSSv2
CVE-2015-9455
The buddypress-activity-plus plugin prior to 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
Incsub Buddypress-activity-plus
6.5
CVSSv2
CVE-2015-9449
The microblog-poster plugin prior to 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
Efficientscripts Microblog Poster