Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-1168
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin prior to 1.5.1.
Eyecix Jobsearch Wp Job Board
3.5
CVSSv3
CVE-2021-25075
The Duplicate Page or Post WordPress plugin prior to 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's set...
Wpdevart Duplicate Page Or Post
1 Github repository
9.8
CVSSv3
CVE-2021-24762
The Perfect Survey WordPress plugin prior to 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
Getperfectsurvey Perfect Survey
1 Github repository
4.3
CVSSv3
CVE-2021-24749
The URL Shortify WordPress plugin prior to 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow malicious users to make a logged in admin delete arbitrary link and group via a CSRF attack.
Kazencoders Url Shortify
6.1
CVSSv3
CVE-2021-38333
The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.5.1.
Wp Scrippets Project Wp Scrippets
8.8
CVSSv3
CVE-2020-9043
The wpCentral plugin prior to 1.5.1 for WordPress allows disclosure of the connection key.
Wpcentral Wpcentral
6.1
CVSSv3
CVE-2015-9336
The clean-login plugin prior to 1.5.1 for WordPress has reflected XSS.
Codection Clean Login
7.2
CVSSv3
CVE-2019-12239
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows malicious users to reach certain SQL injection issues that require administrative access.
Wpbookingsystem Wp Booking System
6.1
CVSSv3
CVE-2015-4557
Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the redirect_to parameter. N...
Nextendweb Nextend Twitter Connect
8.8
CVSSv3
CVE-2015-9228
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
Imagely Nextgen Gallery 2.1.10
Imagely Nextgen Gallery 2.1.9
Imagely Nextgen Gallery 2.1.7
Imagely Nextgen Gallery 2.1.2
Imagely Nextgen Gallery 2.1.0
Imagely Nextgen Gallery 2.0.79
Imagely Nextgen Gallery 2.0.78.1
Imagely Nextgen Gallery 2.0.78
Imagely Nextgen Gallery 2.0.77
Imagely Nextgen Gallery 2.0.76
Imagely Nextgen Gallery 2.0.74
Imagely Nextgen Gallery 2.0.71
Imagely Nextgen Gallery 2.0.66.33
Imagely Nextgen Gallery 2.0.66.31
Imagely Nextgen Gallery 2.0.66.29
Imagely Nextgen Gallery 2.0.66.27
Imagely Nextgen Gallery 2.0.66.26
Imagely Nextgen Gallery 2.0.66.17
Imagely Nextgen Gallery 2.0.66.16
Imagely Nextgen Gallery 2.0.66
Imagely Nextgen Gallery 2.0.65
Imagely Nextgen Gallery 2.0.63
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »