Vulmon
wordpress wordpress 1.0.2 vulnerabilities and exploits
7.5
CVSSv3
CVE-2022-4746
The FluentAuth WordPress plugin prior to 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.
Wpmanageninja Fluentauth
6.1
CVSSv3
CVE-2022-40209
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress.
Xylusthemes Wp Smart Import
6.1
CVSSv3
CVE-2022-1673
The WooCommerce Green Wallet Gateway WordPress plugin prior to 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability.
Greenwallet Woocommerce Green Wallet Gateway
4.8
CVSSv3
CVE-2022-1558
The Curtain WordPress plugin up to and including 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.
Curtain Project Curtain
NA
CVE-2021-242471
WordPress Contact Form Check Tester plugin version 1.0.2 suffers from broken access control and cross site scripting vulnerabilities.
5.4
CVSSv3
CVE-2021-24745
The About Author Box WordPress plugin prior to 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.
Wpkube About Author Box
4.8
CVSSv3
CVE-2021-24645
The Booking.com Product Helper WordPress plugin prior to 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Bookingholdings Booking.com Product Helper
4.8
CVSSv3
CVE-2021-39335
The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrat...
Wpgenious Wpgenius Job Listing
5.4
CVSSv3
CVE-2021-24247
The Contact Form Check Tester WordPress plugin up to and including 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which wi...
Mooveagency Contact Form Check Tester
8.8
CVSSv3
CVE-2020-6849
The marketo-forms-and-tracking plugin up to and including 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS.
Hutchhouse Marketo Forms And Tracking