Vulmon
wordpress wordpress 1.3.3 vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-24669
The MAZ Loader – Preloader Builder for WordPress plugin prior to 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.
Feataholic Maz Loader
8.8
CVSSv3
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.p...
Accesspressthemes Access Demo Importer
Accesspressthemes Eightstore-lite
Accesspressthemes Enlighten
Accesspressthemes Fotography
Accesspressthemes Opstore
Accesspressthemes Parallaxsome
Accesspressthemes Punte
Accesspressthemes Revolve
Accesspressthemes Ripple
Accesspressthemes Sakala
Accesspressthemes Scrollme
Accesspressthemes Storevilla
Accesspressthemes Swing-lite
Accesspressthemes The100
Accesspressthemes The-launcher
Accesspressthemes The-monday
Accesspressthemes Ultra-seven
Accesspressthemes Uncode-lite
Accesspressthemes Vmag
Accesspressthemes Vmagazine-lite
Accesspressthemes Vmagazine-news
Accesspressthemes Wpparallax
6.1
CVSSv3
CVE-2021-38321
The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.3.3.
Custom-sub-menus Project Custom-sub-menus
6.1
CVSSv3
CVE-2015-9500
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.
Exquisite Ultimate Newspaper Project Exquisite Ultimate Newspaper 1.3.3
7.5
CVSSv3
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.6.14
Wp-rocket Wp-rocket 2.0.4
Wp-rocket Wp-rocket 2.5.9
Wp-rocket Wp-rocket 2.0.0
Wp-rocket Wp-rocket 2.9.1
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.7.0
Wp-rocket Wp-rocket 2.8.5
Wp-rocket Wp-rocket 2.10.0
Wp-rocket Wp-rocket 2.3.9
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.8.11
Wp-rocket Wp-rocket 2.3.5
Wp-rocket Wp-rocket 2.9.6
Wp-rocket Wp-rocket 2.5.10
Wp-rocket Wp-rocket 2.6.9
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.8.3
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.6.13
Wp-rocket Wp-rocket 2.8.23
Wp-rocket Wp-rocket 2.6.6
NA
CVE-2014-9454
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin prior to 1.3.3 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct c...
Simple Sticky Footer Project Simple Sticky Footer
NA
CVE-2014-6445
Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 up to and including 1.3.10 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.
Contactus Contact Form 7 Integrations 1.3.7
Contactus Contact Form 7 Integrations 1.3.5
Contactus Contact Form 7 Integrations 1.3.9
Contactus Contact Form 7 Integrations 1.3.4
Contactus Contact Form 7 Integrations 1.3
Contactus Contact Form 7 Integrations 1.3.8
Contactus Contact Form 7 Integrations 1.3.3
Contactus Contact Form 7 Integrations 1.3.2
Contactus Contact Form 7 Integrations 1.3.10
Contactus Contact Form 7 Integrations 1.3.1
Contactus Contact Form 7 Integrations 1.3.6
NA
CVE-2013-3257
Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin prior to 2.7.2 for WordPress allows remote malicious users to hijack the authentication of users for requests that modify settings via unspecified vectors.
Zemanta Related Posts
Zemanta Related Posts 2.5.1
Zemanta Related Posts 1.3
Zemanta Related Posts 2.3
Zemanta Related Posts 2.6
Zemanta Related Posts 1.3.2
Zemanta Related Posts 1.3.1
Zemanta Related Posts 1.5
Zemanta Related Posts 1.1
Zemanta Related Posts 1.0
Zemanta Related Posts 1.8
Zemanta Related Posts 1.8.1
Zemanta Related Posts 2.4.1
Zemanta Related Posts 1.6
Zemanta Related Posts 1.7
Zemanta Related Posts 1.2
Zemanta Related Posts 1.3.3
Zemanta Related Posts 2.7
Zemanta Related Posts 1.4
NA
CVE-2013-3476
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin prior to 2.6.2 for WordPress allows remote malicious users to hijack the authentication of users for requests that change settings via unspecified vectors.
Zemanta Related Posts 2.5.1
Zemanta Related Posts 1.3
Zemanta Related Posts 2.3
Zemanta Related Posts 1.3.2
Zemanta Related Posts 1.3.1
Zemanta Related Posts 1.5
Zemanta Related Posts 1.1
Zemanta Related Posts 1.0
Zemanta Related Posts 1.8
Zemanta Related Posts
Zemanta Related Posts 1.8.1
Zemanta Related Posts 2.4.1
Zemanta Related Posts 1.6
Zemanta Related Posts 1.7
Zemanta Related Posts 1.2
Zemanta Related Posts 1.3.3
Zemanta Related Posts 1.4
NA
CVE-2013-2698
Cross-site request forgery (CSRF) vulnerability in the Calendar plugin prior to 1.3.3 for WordPress allows remote malicious users to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.
Kieranoshea Calendar