Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.4 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-6390
The WordPress Users WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack.
Jonathonkemp Wordpress Users
NA
CVE-2014-9341
Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurl_...
Yurl Retwitt Project Yurl Retwitt 1.4
NA
CVE-2008-4732
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin prior to 1.4.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the p parameter.
Pressography Wp Comment Remix Plugin
Pressography Wp Comment Remix Plugin 1.4
1 EDB exploit
NA
CVE-2012-1835
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) befor...
Timely All-in-one Event Calendar 1.5
Timely All-in-one Event Calendar 1.4
4 EDB exploits
NA
CVE-2011-3865
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme prior to 1.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Ulyssesonline Black-letterhead
Ulyssesonline Black-letterhead 1.1
Ulyssesonline Black-letterhead 1.2
Ulyssesonline Black-letterhead 1.3
Ulyssesonline Black-letterhead 1.4
1 EDB exploit
NA
CVE-2014-5460
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin prior to 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-ga...
Tribulant Tibulant Slideshow Gallery 1.4.4
Tribulant Tibulant Slideshow Gallery 1.4.5
Tribulant Tibulant Slideshow Gallery
Tribulant Tibulant Slideshow Gallery 1.4.2
Tribulant Tibulant Slideshow Gallery 1.4.3
Tribulant Tibulant Slideshow Gallery 1.4
Tribulant Tibulant Slideshow Gallery 1.4.1
2 EDB exploits
6.1
CVSSv3
CVE-2015-1000004
XSS in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
8.2
CVSSv3
CVE-2015-1000002
Open Proxy in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
9.8
CVSSv3
CVE-2015-1000003
Blind SQL Injection in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
8.8
CVSSv3
CVE-2013-2109
WordPress plugin wp-cleanfix has Remote Code Execution
Undolog Wp Cleanfix 1.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »