Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.1.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-0479
The Popup Builder WordPress plugin prior to 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site ...
Sygnoos Popup Builder
5.1
CVSSv2
CVE-2008-4107
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows malicious users to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset funct...
Php Php 4.4.7
Php Php 4.3.9
Php Php 4.3.8
Php Php 4.3.11
Php Php 4.3.10
Php Php 4.2.1
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.3
Php Php 4.4.6
Php Php 4.4.5
Php Php 4.3.7
Php Php 4.3.6
Php Php 4.3.1
Php Php 4.3.0
Php Php 4.1.0
Php Php 4.1.2
Php Php 4.0.7
Php Php 4.0.2
Php Php 4.0.1
Php Php 4.4.1
Php Php 4.4.0
5
CVSSv2
CVE-2016-11006
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2016-11007
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2016-11008
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2016-11009
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2016-11010
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
4.3
CVSSv2
CVE-2022-1724
The Simple Membership WordPress plugin prior to 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting
Simple-membership-plugin Simple Membership
4.3
CVSSv2
CVE-2021-24466
The Verse-O-Matic WordPress plugin up to and including 4.1.1 does not have any CSRF checks in place, allowing malicious users to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in...
Verse-o-matic Project Verse-o-matic
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »