Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-0076
The Download Attachments WordPress plugin prior to 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Dfactory Download Attachments
4.3
CVSSv3
CVE-2022-3850
The Find and Replace All WordPress plugin prior to 1.3 does not have CSRF check when replacing string, which could allow malicious users to make a logged admin replace arbitrary string in database tables via a CSRF attack
Find And Replace All Project Find And Replace All
6.1
CVSSv3
CVE-2022-2311
The Find and Replace All WordPress plugin prior to 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.
Find And Replace All Project Find And Replace All
4.3
CVSSv3
CVE-2022-1956
The Shortcut Macros WordPress plugin up to and including 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.
Shortcut Macros Project Shortcut Macros
4.8
CVSSv3
CVE-2022-2093
The WP Duplicate Page WordPress plugin prior to 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Ninjateam Wp Duplicate Page
6.1
CVSSv3
CVE-2022-1267
The BMI BMR Calculator WordPress plugin up to and including 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting
Bmi Bmr Calculator Project Bmi Bmr Calculator
7.2
CVSSv3
CVE-2021-24777
The view submission functionality in the Hotscot Contact Form WordPress plugin prior to 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection.
Hotscot Contact Form
6.5
CVSSv3
CVE-2021-24997
The WP Guppy WordPress plugin prior to 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an ar...
Wp-guppy Wp Guppy
1 Github repository
6.5
CVSSv3
CVE-2020-36505
The Delete All Comments Easily WordPress plugin up to and including 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.
Delete All Comments Easily Project Delete All Comments Easily
8.8
CVSSv3
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.p...
Accesspressthemes Access Demo Importer
Accesspressthemes Eightstore-lite
Accesspressthemes Enlighten
Accesspressthemes Fotography
Accesspressthemes Opstore
Accesspressthemes Parallaxsome
Accesspressthemes Punte
Accesspressthemes Revolve
Accesspressthemes Ripple
Accesspressthemes Sakala
Accesspressthemes Scrollme
Accesspressthemes Storevilla
Accesspressthemes Swing-lite
Accesspressthemes The100
Accesspressthemes The-launcher
Accesspressthemes The-monday
Accesspressthemes Ultra-seven
Accesspressthemes Uncode-lite
Accesspressthemes Vmag
Accesspressthemes Vmagazine-lite
Accesspressthemes Vmagazine-news
Accesspressthemes Wpparallax
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »