Vulmon
wordpress wordpress 1.2 vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-24626
The Chameleon CSS WordPress plugin up to and including 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of the AJAX calls, remove_css, also does not sanitise o...
Chameleon Css Project Chameleon Css
8.8
CVSSv3
CVE-2020-35135
The ultimate-category-excluder plugin prior to 1.2 for WordPress allows ultimate-category-excluder.php CSRF.
Infolific Ultimate Category Excluder
8.8
CVSSv3
CVE-2013-2009
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
Automattic Wp Super Cache 1.2
1 EDB exploit
8.8
CVSSv3
CVE-2015-9448
The sendpress plugin prior to 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
Pressified Sendpress
8.8
CVSSv3
CVE-2011-5328
The user-access-manager plugin prior to 1.2 for WordPress has CSRF.
User Access Manager Project User Access Manager
8.8
CVSSv3
CVE-2013-7476
The simple-fields plugin prior to 1.2 for WordPress has CSRF in the admin interface.
Simple Fields Project Simple Fields
7.5
CVSSv3
CVE-2016-10924
The ebook-download plugin prior to 1.2 for WordPress has directory traversal.
Zedna Ebook Download Project Zedna Ebook Download
1 Github repository
7.2
CVSSv3
CVE-2021-24398
The Add new scene functionality in the Responsive 3D Slider WordPress plugin up to and including 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same fun...
Webpsilon Responsive 3d Slider
7.2
CVSSv3
CVE-2021-24553
The Timeline Calendar WordPress plugin up to and including 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL injections are also present in the plugin.
Timeline Calendar Project Timeline Calendar
6.5
CVSSv3
CVE-2022-4266
The Bulk Delete Users by Email WordPress plugin up to and including 1.2 does not have a CSRF check when deleting users, which could allow malicious users to make a logged-in admin delete non-admin users by knowing their email via a CSRF attack.
Speakdigital Bulk Delete Users By Email