Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-1760
The Core Control WordPress plugin up to and including 1.2.1 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Dd32 Core Control
NA
CVE-2023-5957
The Ni Purchase Order(PO) For WooCommerce WordPress plugin up to and including 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading ...
Naziinfotech Ni Purchase Order(po) For Woocommerce
NA
CVE-2023-4311
The Vrm 360 3D Model Viewer WordPress plugin up to and including 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.
Maurice Vrm360
NA
CVE-2023-4460
The Uploading SVG, WEBP and ICO files WordPress plugin up to and including 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Uploading Svg, Webp And Ico Files Project Uploading Svg, Webp And Ico Files
NA
CVE-2023-5163
The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
Weather-atlas Weather Atlas
NA
CVE-2023-5776
The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This...
Wpexpertplugins Post Meta Data Manager
NA
CVE-2023-5177
The Vrm 360 3D Model Viewer WordPress plugin up to and including 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode.
Maurice Vrm360
NA
CVE-2023-2813
All of the above Aapna WordPress theme up to and including 1.3, Anand WordPress theme up to and including 1.2, Anfaust WordPress theme up to and including 1.1, Arendelle WordPress theme prior to 1.1.13, Atlast Business WordPress theme up to and including 1.5.8.5, Bazaar Lite Word...
Saumendra Aapna
Saumendra Anand
Thewebhunter Anfaust
Deothemes Arendelle
Archimidismertzanos Atlast Business
Themeinprogress Bazaar Lite
Arthousewebdesign Brain Power
Yws Bunnypress Lite
Ayecode Cafe Bistro
Ayecode College
Omarfolgheraiter Digitally
Henleythemes Counterpoint
Ajaydsouza Connections Reloaded
Competethemes Drop
Ayecode Directory
Deothemes Everse
Archimidismertzanos Fashionable Store
Marchettidesign Fullbase
Dotecsa Ilex
Jinwen Js O3 Lite
Climaxthemes Kata
Jinwen Js Paper
NA
CVE-2023-2279
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated malicious...
Wpdirectorykit Wp Directory Kit
NA
CVE-2021-4413
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated malicious users to...
Coolplugins Process Steps Template Designer
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »