Vulmon
wordpress wordpress 1.5.2 vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-28649
The orbisius-child-theme-creator plugin prior to 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.
Orbisius Child Theme Creator
8.8
CVSSv3
CVE-2015-9228
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
Imagely Nextgen Gallery 2.1.10
Imagely Nextgen Gallery 2.0.66.29
Imagely Nextgen Gallery 2.0.66.27
Imagely Nextgen Gallery 2.0.66.26
Imagely Nextgen Gallery 2.0.66.17
Imagely Nextgen Gallery 2.0.25
Imagely Nextgen Gallery 2.0.23
Imagely Nextgen Gallery 2.0.21
Imagely Nextgen Gallery 2.0.17
Imagely Nextgen Gallery 1.9.3
Imagely Nextgen Gallery 1.9.2
Imagely Nextgen Gallery 1.9.1
Imagely Nextgen Gallery 1.9.0
Imagely Nextgen Gallery 1.8.4
Imagely Nextgen Gallery 1.5.5
Imagely Nextgen Gallery 1.5.4
Imagely Nextgen Gallery 1.5.3
Imagely Nextgen Gallery 1.5.2
Imagely Nextgen Gallery 2.1.9
Imagely Nextgen Gallery 2.1.2
Imagely Nextgen Gallery 2.0.79
Imagely Nextgen Gallery 2.0.74
6.1
CVSSv3
CVE-2022-1546
The WooCommerce - Product Importer WordPress plugin up to and including 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Visser Woocommerce - Product Importer
6.1
CVSSv3
CVE-2021-25111
The English WordPress Admin WordPress plugin prior to 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue
English Wordpress Admin Project English Wordpress Admin
6.1
CVSSv3
CVE-2021-24764
The Perfect Survey WordPress plugin prior to 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Ref...
Getperfectsurvey Perfect Survey
6.1
CVSSv3
CVE-2021-24765
The Perfect Survey WordPress plugin up to and including 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue
Getperfectsurvey Perfect Survey
6.1
CVSSv3
CVE-2011-4595
Pretty-Link WordPress plugin 1.5.2 has XSS
Caseproof Pretty Link 1.5.2
1 EDB exploit
6.1
CVSSv3
CVE-2017-18582
The time-sheets plugin prior to 1.5.2 for WordPress has multiple XSS issues.
Time Sheets Project Time Sheets
6.1
CVSSv3
CVE-2015-4557
Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the redirect_to parameter. N...
Nextendweb Nextend Twitter Connect
6.1
CVSSv3
CVE-2017-15867
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin up to and including 1.5.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) br...
User-login-history Project User-login-history