Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6390
The WordPress Users WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack.
Jonathonkemp Wordpress Users
605
VMScore
CVE-2014-9341
Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurl_...
Yurl Retwitt Project Yurl Retwitt 1.4
755
VMScore
CVE-2008-4732
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin prior to 1.4.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the p parameter.
Pressography Wp Comment Remix Plugin
Pressography Wp Comment Remix Plugin 1.4
1 EDB exploit
450
VMScore
CVE-2012-1835
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) befor...
Timely All-in-one Event Calendar 1.5
Timely All-in-one Event Calendar 1.4
4 EDB exploits
435
VMScore
CVE-2011-3865
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme prior to 1.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Ulyssesonline Black-letterhead
Ulyssesonline Black-letterhead 1.1
Ulyssesonline Black-letterhead 1.2
Ulyssesonline Black-letterhead 1.3
Ulyssesonline Black-letterhead 1.4
1 EDB exploit
660
VMScore
CVE-2014-5460
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin prior to 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-ga...
Tribulant Tibulant Slideshow Gallery 1.4.4
Tribulant Tibulant Slideshow Gallery 1.4.5
Tribulant Tibulant Slideshow Gallery
Tribulant Tibulant Slideshow Gallery 1.4.2
Tribulant Tibulant Slideshow Gallery 1.4.3
Tribulant Tibulant Slideshow Gallery 1.4
Tribulant Tibulant Slideshow Gallery 1.4.1
2 EDB exploits
383
VMScore
CVE-2015-1000004
XSS in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
516
VMScore
CVE-2015-1000002
Open Proxy in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
605
VMScore
CVE-2013-2109
WordPress plugin wp-cleanfix has Remote Code Execution
Undolog Wp Cleanfix 1.4
668
VMScore
CVE-2015-1000003
Blind SQL Injection in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »