Vulmon
wordpress wordpress 1.2.3 vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-4833
The YourChannel: Everything you want in a YouTube plugin WordPress plugin prior to 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site S...
Plugin Yourchannel
5.4
CVSSv3
CVE-2022-1557
The ULeak Security & Monitoring WordPress plugin up to and including 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscribe...
Uleak-security-dashboard Project Uleak-security-dashboard
5.4
CVSSv3
CVE-2021-24643
The WP Map Block WordPress plugin prior to 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Wp Map Block Project Wp Map Block
5.4
CVSSv3
CVE-2015-4039
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the ad...
E-plugins Wp Membership 1.2.3
1 EDB exploit
5.4
CVSSv3
CVE-2018-18373
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.
Schiocco Support Board - Chat And Help Desk 1.2.3
5.3
CVSSv3
CVE-2023-2280
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated malicious us...
Wpdirectorykit Wp Directory Kit
5.3
CVSSv3
CVE-2023-1868
The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated malicious use...
Plugin Yourchannel
4.9
CVSSv3
CVE-2024-0697
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator pri...
Softaculous Backuply
4.9
CVSSv3
CVE-2023-4505
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with...
Miniorange Staff / Employee Business Directory For Active Directory
4.8
CVSSv3
CVE-2022-1559
The Clipr WordPress plugin up to and including 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed
Clipr Clipr