wordpress wordpress 4.1.1 vulnerabilities and exploits
VMScore: 445
CVE-2016-11010
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
Usabilitydynamics Wp-invoice
VMScore: NA
CVE-2024-24796
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress P...
VMScore: 312
CVE-2021-25065
The Smash Balloon Social Post Feed WordPress plugin prior to 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
Smashballoon Smash Balloon Social Post Feed
VMScore: NA
CVE-2023-0812
The Active Directory Integration / LDAP Integration WordPress plugin prior to 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.
Miniorange Active Directory Integration / Ldap Integration
VMScore: 383
CVE-2022-1724
The Simple Membership WordPress plugin prior to 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting
Simple-membership-plugin Simple Membership
VMScore: NA
CVE-2023-6049
The Estatik Real Estate Plugin WordPress plugin prior to 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog
Estatik Estatik
VMScore: NA
CVE-2023-6050
The Estatik Real Estate Plugin WordPress plugin prior to 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Estatik Estatik
VMScore: NA
CVE-2024-5223
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output esca...
VMScore: NA
CVE-2023-6048
The Estatik Real Estate Plugin WordPress plugin prior to 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset
Estatik Estatik
VMScore: NA
CVE-2022-4667
The RSS Aggregator by Feedzy WordPress plugin prior to 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be use...
Themeisle Rss Aggregator By Feedzy