Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kacper szurek vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-8802
The Pie Register plugin prior to 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote malicious users to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.
Genetechsolutions Pie Register
1 EDB exploit
4.3
CVSSv2
CVE-2015-2218
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin prior to 2.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) item[name] or (2) item...
Magic Hills Wonderplugin Audio Player
1 EDB exploit
6.5
CVSSv2
CVE-2015-2199
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin prior to 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remot...
Wonderplugin Audio Player
1 EDB exploit
5
CVSSv2
CVE-2015-6512
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote malicious users to execute arbitrary SQL commands via the time parameter to server/freichat.php.
Codelogic Freichat 9.6
1 EDB exploit
6.5
CVSSv2
CVE-2014-9258
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI prior to 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
Glpi-project Glpi
1 EDB exploit
6.5
CVSSv2
CVE-2014-9260
The basic_settings function in the download manager plugin for WordPress prior to 2.7.3 allows remote authenticated users to update every WordPress option.
Downloadmanager Download Manager
1 EDB exploit
NA
CVE-2014-92601
WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability.
5
CVSSv2
CVE-2014-9261
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote malicious users to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
Codologic Codoforum 2.5.1
1 EDB exploit
5.5
CVSSv2
CVE-2014-9262
The Duplicator plugin in Wordpress prior to 0.5.10 allows remote authenticated users to create and download backup files.
Snapcreek Duplicator
1 EDB exploit
6.5
CVSSv2
CVE-2014-9305
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin prior to 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-a...
Reality66 Cart66 Lite
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »