Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2654
The Conditional Menus WordPress plugin prior to 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Themify Conditional Menus
668
VMScore
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.3
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.6.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.1.1
Ajaydsouza Contextual Related Posts 1.2.2
Ajaydsouza Contextual Related Posts 1.1
Ajaydsouza Contextual Related Posts 1.8.9
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.8.7
Ajaydsouza Contextual Related Posts 1.6.3
NA
CVE-2023-2813
All of the above Aapna WordPress theme up to and including 1.3, Anand WordPress theme up to and including 1.2, Anfaust WordPress theme up to and including 1.1, Arendelle WordPress theme prior to 1.1.13, Atlast Business WordPress theme up to and including 1.5.8.5, Bazaar Lite Word...
Saumendra Aapna
Saumendra Anand
Thewebhunter Anfaust
Deothemes Arendelle
Archimidismertzanos Atlast Business
Themeinprogress Bazaar Lite
Arthousewebdesign Brain Power
Yws Bunnypress Lite
Ayecode Cafe Bistro
Ayecode College
Omarfolgheraiter Digitally
Henleythemes Counterpoint
Ajaydsouza Connections Reloaded
Competethemes Drop
Ayecode Directory
Deothemes Everse
Archimidismertzanos Fashionable Store
Marchettidesign Fullbase
Dotecsa Ilex
Jinwen Js O3 Lite
Climaxthemes Kata
Jinwen Js Paper
801
VMScore
CVE-2021-24453
The Include Me WordPress plugin up to and including 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure
Include Me Project Include Me
668
VMScore
CVE-2013-6243
SQL injection vulnerability in the Landing Pages plugin 1.2.3, prior to 20131009, and previous versions for WordPress allows remote malicious users to execute arbitrary SQL commands via the "post" parameter to index.php.
Landing Pages Project Landing Pages Plugin 1.0.5.3
Landing Pages Project Landing Pages Plugin 1.0.7.9
Landing Pages Project Landing Pages Plugin 1.0.8.4
Landing Pages Project Landing Pages Plugin 1.0.7.3
Landing Pages Project Landing Pages Plugin 1.1
Landing Pages Project Landing Pages Plugin 1.1.0.1
Landing Pages Project Landing Pages Plugin 1.1.7
Landing Pages Project Landing Pages Plugin 1.0.4.1
Landing Pages Project Landing Pages Plugin 1.0.4.2
Landing Pages Project Landing Pages Plugin 1.0.9.4
Landing Pages Project Landing Pages Plugin 1.0.8.1
Landing Pages Project Landing Pages Plugin 1.0.3.9
Landing Pages Project Landing Pages Plugin 1.0.4.4
Landing Pages Project Landing Pages Plugin 1.2.1
Landing Pages Project Landing Pages Plugin 1.0.5.1
Landing Pages Project Landing Pages Plugin 1.0.5.6
Landing Pages Project Landing Pages Plugin 1.1.9
Landing Pages Project Landing Pages Plugin 1.0.9.3
Landing Pages Project Landing Pages Plugin 1.1.8
Landing Pages Project Landing Pages Plugin 1.0.3.8
Landing Pages Project Landing Pages Plugin 1.0.9.0
Landing Pages Project Landing Pages Plugin 1.0.9.9
1 Github repository
445
VMScore
CVE-2012-6512
The Organizer plugin 1.2.1 for WordPress allows remote malicious users to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) p...
Organizer Project Organizer
668
VMScore
CVE-2009-2144
SQL injection vulnerability in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Edgewall Firestats
Edgewall Firestats 0.9.0-beta
Edgewall Firestats 0.9.1-beta
Edgewall Firestats 0.9.2-beta
Edgewall Firestats 0.9.3-beta
Edgewall Firestats 0.9.4-beta
Edgewall Firestats 0.9.5-beta
Edgewall Firestats 0.9.6-beta
Edgewall Firestats 0.9.7-beta
Edgewall Firestats 0.9.8-beta
Edgewall Firestats 0.9.9
Edgewall Firestats 1.0
Edgewall Firestats 1.0.0
Edgewall Firestats 1.0.1
Edgewall Firestats 1.0.2
Edgewall Firestats 1.1.1
Edgewall Firestats 1.1.2
Edgewall Firestats 1.1.3
Edgewall Firestats 1.1.4
Edgewall Firestats 1.1.5
Edgewall Firestats 1.1.6
Edgewall Firestats 1.1.7
668
VMScore
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.2-beta
Firestats Firestats 0.9.3-beta
Firestats Firestats 0.9.4-beta
Firestats Firestats 0.9.5-beta
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.0
Firestats Firestats 1.0.0
Firestats Firestats 1.0.1
Firestats Firestats 1.0.2
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
Firestats Firestats 1.1.3
Firestats Firestats 1.1.4
Firestats Firestats 1.1.5
Firestats Firestats 1.1.6
Firestats Firestats 1.1.7
NA
CVE-2024-0906
The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated malicious users to obtain page and post contents of a site protected with this plugin.
NA
CVE-2024-3755
The MF Gig Calendar WordPress plugin up to and including 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for examp...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »