Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-24325
The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin up to and including 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute.
Clogica Seo Redirection Plugin
8.8
CVSSv3
CVE-2023-2330
The Caldera Forms Google Sheets Connector WordPress plugin prior to 1.3 does not have CSRF check when updating its Access Code, which could allow malicious users to make logged in admin change the access code to an arbitrary one via a CSRF attack
Gsheetconnector Caldera Forms Google Sheets Connector
NA
CVE-2011-5128
Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin prior to 1.7.22 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3...
Bueltge Adminimize
Bueltge Adminimize 0.6.9
Bueltge Adminimize 0.7
Bueltge Adminimize 0.7.1
Bueltge Adminimize 0.7.2
Bueltge Adminimize 0.7.3
Bueltge Adminimize 0.7.5
Bueltge Adminimize 0.7.6
Bueltge Adminimize 0.7.7
Bueltge Adminimize 0.7.8
Bueltge Adminimize 0.7.9
Bueltge Adminimize 0.8
Bueltge Adminimize 0.8.1
Bueltge Adminimize 1.0
Bueltge Adminimize 1.1
Bueltge Adminimize 1.2
Bueltge Adminimize 1.3
Bueltge Adminimize 1.4
Bueltge Adminimize 1.4.1
Bueltge Adminimize 1.4.2
Bueltge Adminimize 1.4.3-6
Bueltge Adminimize 1.4.7
NA
CVE-2012-5853
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin prior to 1.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the srch_txt parameter in a &...
Ajax Search Project Ajax Search
6.5
CVSSv3
CVE-2021-24333
The Content Copy Protection & Prevent Image Save WordPress plugin up to and including 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing malicious users to make a logged in administrator set arbitrary XSS payloa...
Content Copy Protection \\& Prevent Image Save Project Content Copy Protection \\& Prevent Image Save
5.4
CVSSv3
CVE-2023-0076
The Download Attachments WordPress plugin prior to 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Dfactory Download Attachments
6.5
CVSSv3
CVE-2021-24324
The 404 SEO Redirection WordPress plugin up to and including 1.3 is lacking CSRF checks in all its settings, allowing malicious users to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Sto...
Clogica All 404 Redirect To Homepage
6.5
CVSSv3
CVE-2021-24997
The WP Guppy WordPress plugin prior to 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an ar...
Wp-guppy Wp Guppy
1 Github repository
NA
CVE-2015-3904
Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin prior to 1.3 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) end_day, (6) end_month,...
Roomcloud Roomcloud
NA
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb 1.3.7
Feedweb Feedweb 1.3.6
Feedweb Feedweb 1.3.5
Feedweb Feedweb 1.3.4
Feedweb Feedweb 1.5.11
Feedweb Feedweb 1.5.12
Feedweb Feedweb 1.5.1
Feedweb Feedweb 1.5.10
Feedweb Feedweb 1.7
Feedweb Feedweb 1.7.3
Feedweb Feedweb 1.7.2
Feedweb Feedweb 1.8.7
Feedweb Feedweb 1.3.14
Feedweb Feedweb 1.3.13
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.11
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.0.5
Feedweb Feedweb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »