wordpress wordpress 1.0.1 vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-1912
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated malicious users to update...
Smartsoft Button Widget Smartsoft 1.0.1
8.8
CVSSv3
CVE-2022-1969
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated malicious...
Script Mobile Browser Color Select
8.8
CVSSv3
CVE-2022-1749
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows malicious users to inject arbitrary web scrip...
Wpmk Ajax Finder Project Wpmk Ajax Finder
8.6
CVSSv3
CVE-2020-24144
Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation.
Media File Organizer Project Media File Organizer 1.0.1
7.5
CVSSv3
CVE-2022-4550
The User Activity WordPress plugin up to and including 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
User Activity Project User Activity
7.2
CVSSv3
CVE-2022-4546
The Mapwiz WordPress plugin up to and including 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Conceptbeans Mapwiz
7.2
CVSSv3
CVE-2022-36285
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
Uploading Svg, Webp And Ico Files Project Uploading Svg, Webp And Ico Files
7.2
CVSSv3
CVE-2021-24627
The G Auto-Hyperlink WordPress plugin up to and including 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection.
G Auto-hyperlink Project G Auto-hyperlink
6.5
CVSSv3
CVE-2022-4888
The Checkout Fields Manager WordPress plugin prior to 1.0.2, Abandoned Cart Recovery WordPress plugin prior to 1.2.5, Custom Fields for WooCommerce WordPress plugin prior to 1.0.4, Custom Order Number WordPress plugin up to and including 1.0.1, Custom Registration Forms Builder W...
Addify Order Tracking For Woocommerce
Addify Order Approval For Woocommerce
Addify Image Watermark For Woocommerce
Addify Gift Registry For Woocommerce
Addify Advanced Free Gifts
Addify Custom Registration Forms Builder
Addify Custom Order Number
Addify Custom Fields For Woocommerce
Addify Abandoned Cart Recovery
Addify Checkout Fields Manager
6.5
CVSSv3
CVE-2021-25116
The Enqueue Anything WordPress plugin up to and including 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbi...
Enqueue Anything Project Enqueue Anything