Vulmon
wordpress wordpress 1.0 vulnerabilities and exploits
7.5
CVSSv3
CVE-2012-10016
A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to...
Halulu Simple-download-button-shortcode 1.0
4.3
CVSSv3
CVE-2023-5531
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated malicious users ...
I13websolution Thumbnail Slider With Lightbox
5.4
CVSSv3
CVE-2023-3510
The FTP Access WordPress plugin up to and including 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which wil...
Danialhatami Ftp Access
7.2
CVSSv3
CVE-2023-2482
The Responsive CSS EDITOR WordPress plugin up to and including 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.
Wpwox Responsive Css Editor
5.4
CVSSv3
CVE-2023-0520
The RapidExpCart WordPress plugin up to and including 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-priv...
Rapidexp Rapidexpcart
6.1
CVSSv3
CVE-2023-0421
The Cloud Manager WordPress plugin up to and including 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated malicious users to trick a logged-in admin to trigger an XSS payload by clicking a link.
Cloud Manager Project Cloud Manager
6.1
CVSSv3
CVE-2023-0514
The Membership Database WordPress plugin up to and including 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Membership Database Project Membership Database
7.2
CVSSv3
CVE-2023-0924
The ZYREX POPUP WordPress plugin up to and including 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multi...
Zyrex Popup
4.8
CVSSv3
CVE-2023-23806
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions.
Wordpress Custom Settings Project Wordpress Custom Settings 1.0
5.4
CVSSv3
CVE-2023-0363
The Scheduled Announcements Widget WordPress plugin prior to 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cr...
Nlb-creations Scheduled Announcements Widget