Vulmon
wordpress wordpress 1.2.4 vulnerabilities and exploits
7.2
CVSSv3
CVE-2021-25068
The Sync WooCommerce Product feed to Google Shopping WordPress plugin up to and including 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard
Dpl Sync Woocommerce Product Feed To Google Shopping
5.4
CVSSv3
CVE-2021-24958
The Meks Easy Photo Feed Widget WordPress plugin prior to 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, suc...
Mekshq Meks Easy Photo Feed Widget
6.1
CVSSv3
CVE-2021-25079
The Contact Form Entries WordPress plugin prior to 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page
Crmperks Contact Form Entries
5.4
CVSSv3
CVE-2021-24729
The Logo Showcase with Slick Slider WordPress plugin prior to 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.
Infornweb Logo Showcase With Slick Slider
NA
CVE-2021-242741
WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scripting vulnerability.
5.5
CVSSv3
CVE-2021-24445
The My Site Audit WordPress plugin up to and including 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when the unfiltered_html capability is disallowed, leading to an authenticat...
Draftpress My Site Audit
6.5
CVSSv3
CVE-2021-24238
The Realteo WordPress plugin prior to 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.
Purethemes Findeo
Purethemes Realteo
6.1
CVSSv3
CVE-2021-24237
The Realteo WordPress plugin prior to 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius, _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting ...
Purethemes Findeo
Purethemes Realteo
4.3
CVSSv3
CVE-2021-24207
By default, the WP Page Builder WordPress plugin prior to 1.2.4 allows subscriber-level users to edit and make changes to any and all posts and pages - user roles must be specifically blocked from editing posts and pages.
Themeum Wp Page Builder
5.4
CVSSv3
CVE-2021-24208
The editor of the WP Page Builder WordPress plugin prior to 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires send...
Themeum Wp Page Builder