Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2019-25150
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for malicious users to present phishing forms or conduct cross-site request forgery attacks against site administrators.
Wpexperts Email Templates
NA
CVE-2023-2330
The Caldera Forms Google Sheets Connector WordPress plugin prior to 1.3 does not have CSRF check when updating its Access Code, which could allow malicious users to make logged in admin change the access code to an arbitrary one via a CSRF attack
Gsheetconnector Caldera Forms Google Sheets Connector
4.3
CVSSv2
CVE-2021-24325
The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin up to and including 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute.
Clogica Seo Redirection Plugin
7.5
CVSSv2
CVE-2012-5853
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin prior to 1.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the srch_txt parameter in a &...
Ajax Search Project Ajax Search
4.3
CVSSv2
CVE-2021-24333
The Content Copy Protection & Prevent Image Save WordPress plugin up to and including 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing malicious users to make a logged in administrator set arbitrary XSS payloa...
Content Copy Protection & Prevent Image Save Project Content Copy Protection & Prevent Image Save
NA
CVE-2023-0076
The Download Attachments WordPress plugin prior to 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Dfactory Download Attachments
3.5
CVSSv2
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb
Feedweb Feedweb 1.0.4
Feedweb Feedweb 1.0.5
Feedweb Feedweb 1.0.6
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.1.1
Feedweb Feedweb 1.1.4
Feedweb Feedweb 1.1.5
Feedweb Feedweb 1.1.6
Feedweb Feedweb 1.1.7
Feedweb Feedweb 1.1.9
Feedweb Feedweb 1.2
Feedweb Feedweb 1.2.1
Feedweb Feedweb 1.2.2
Feedweb Feedweb 1.2.3
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.7
Feedweb Feedweb 1.2.8
Feedweb Feedweb 1.2.9
4.3
CVSSv2
CVE-2021-24324
The 404 SEO Redirection WordPress plugin up to and including 1.3 is lacking CSRF checks in all its settings, allowing malicious users to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Sto...
Clogica All 404 Redirect To Homepage
6.4
CVSSv2
CVE-2021-24997
The WP Guppy WordPress plugin prior to 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an ar...
Wp-guppy Wp Guppy
1 Github repository
4.3
CVSSv2
CVE-2015-3904
Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin prior to 1.3 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) end_day, (6) end_month,...
Roomcloud Roomcloud
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »