Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web-dorado vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-8584
Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Web-dorado Web-dorado Spider Video Player 1.4.7
Web-dorado Web-dorado Spider Video Player 1.5.1
Web-dorado Web-dorado Spider Video Player 1.4.9
Web-dorado Web-dorado Spider Video Player 1.5
Web-dorado Web-dorado Spider Video Player 1.4.8
436
VMScore
CVE-2015-4351
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
Web-dorado Web-dorado Spider Video Player
516
VMScore
CVE-2015-4352
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote malicious users to hijack the authentication of administrators for requests that delete videos via unspecified vectors.
Web-dorado Web-dorado Spider Video Player -
578
VMScore
CVE-2021-24625
The SpiderCatalog WordPress plugin up to and including 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category
Web-dorado Spidercatalog
NA
CVE-2023-48320
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a up to and including 1.5.22.
Web-dorado Spidervplayer
NA
CVE-2023-46090
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Web-dorado Wdsocialwidgets
NA
CVE-2023-45632
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions.
Web-dorado Spidervplayer
NA
CVE-2023-46619
Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Web-dorado Wdsocialwidgets
685
VMScore
CVE-2018-10504
The WebDorado "Form Maker by WD" plugin prior to 1.12.24 for WordPress allows CSV injection.
Web-dorado Form Maker
1 EDB exploit
605
VMScore
CVE-2019-11591
The WebDorado Contact Form plugin prior to 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET...
Web-dorado Contact Form
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »