Vulmon
wordpress wordpress 1.2 vulnerabilities and exploits
4.3
CVSSv2
CVE-2021-38340
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Wordpress Simple Shop Project Wordpress Simple Shop
4.3
CVSSv2
CVE-2021-34651
The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Scribblemaps Scribble Maps
4.3
CVSSv2
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuer...
Jquery Jquery
Drupal Drupal
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Weblogic Server 12.1.3.0.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Communications Webrtc Session Controller 7.2
Oracle Weblogic Server 12.2.1.3.0
Oracle Agile Product Lifecycle Management For Process 6.2.0.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Jdeveloper 12.2.1.3.0
Oracle Policy Automation Connector For Siebel 10.4.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
13 Github repositories
4.3
CVSSv2
CVE-2015-9443
The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.
Wp Accurate Form Data Project Wp Accurate Form Data 1.2
4.3
CVSSv2
CVE-2016-10976
The safe-editor plugin prior to 1.2 for WordPress has no se_save authentication, with resultant XSS.
Kodebyraaet Safe Editor
4.3
CVSSv2
CVE-2016-10984
The echosign plugin prior to 1.2 for WordPress has XSS via the inc.php page parameter.
Smackcoders Echo Sign
4.3
CVSSv2
CVE-2016-10985
The echosign plugin prior to 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.
Smackcoders Echo Sign
4.3
CVSSv2
CVE-2017-14751
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
Intensewp Wp Jobs 1.5
Intensewp Wp Jobs 1.1
Intensewp Wp Jobs 1.3
Intensewp Wp Jobs 1.0
Intensewp Wp Jobs 1.2
Intensewp Wp Jobs 1.4
4.3
CVSSv2
CVE-2017-5942
An issue exists in the WP Mail plugin prior to 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.
Wp Mail Project Wp Mail
4.3
CVSSv2
CVE-2014-9100
Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php.
Whydowork Adsense Project Whydowork Adsense 1.2