Vulmon
wordpress wordpress 4.1.1 vulnerabilities and exploits
5
CVSSv2
CVE-2016-11009
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
Usabilitydynamics Wp-invoice
NA
CVE-2024-24796
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress P...
3.5
CVSSv2
CVE-2021-25065
The Smash Balloon Social Post Feed WordPress plugin prior to 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
Smashballoon Smash Balloon Social Post Feed
4.3
CVSSv2
CVE-2022-1724
The Simple Membership WordPress plugin prior to 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting
Simple-membership-plugin Simple Membership
NA
CVE-2023-0812
The Active Directory Integration / LDAP Integration WordPress plugin prior to 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.
Miniorange Active Directory Integration / Ldap Integration
NA
CVE-2023-6049
The Estatik Real Estate Plugin WordPress plugin prior to 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog
Estatik Estatik
NA
CVE-2023-6050
The Estatik Real Estate Plugin WordPress plugin prior to 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Estatik Estatik
NA
CVE-2023-6048
The Estatik Real Estate Plugin WordPress plugin prior to 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset
Estatik Estatik
NA
CVE-2022-4667
The RSS Aggregator by Feedzy WordPress plugin prior to 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be use...
Themeisle Rss Aggregator By Feedzy
4.3
CVSSv2
CVE-2021-24466
The Verse-O-Matic WordPress plugin up to and including 4.1.1 does not have any CSRF checks in place, allowing malicious users to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in...
Verse-o-matic Project Verse-o-matic