Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.1.1 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-2547
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with su...
Featherplugins Feather Login Page
7.2
CVSSv3
CVE-2023-2435
The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, malicious users to include and execute arbitrary files on the server, allowing the execution of any ...
Blog-in-blog Project Blog-in-blog
4.8
CVSSv3
CVE-2023-2436
The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Blog-in-blog Project Blog-in-blog
8.8
CVSSv3
CVE-2023-28661
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
Accesspressthemes Wp Popup Banners 1.2.3
Accesspressthemes Wp Popup Banners 1.2.4
Accesspressthemes Wp Popup Banners 1.2.2
Accesspressthemes Wp Popup Banners 1.2.1
Accesspressthemes Wp Popup Banners 1.2.0
Accesspressthemes Wp Popup Banners 1.1.9
Accesspressthemes Wp Popup Banners 1.1.8
Accesspressthemes Wp Popup Banners 1.1.7
Accesspressthemes Wp Popup Banners 1.1.6
Accesspressthemes Wp Popup Banners 1.1.5
Accesspressthemes Wp Popup Banners 1.1.4
Accesspressthemes Wp Popup Banners 1.1.3
Accesspressthemes Wp Popup Banners 1.1.2
Accesspressthemes Wp Popup Banners 1.1.1
Accesspressthemes Wp Popup Banners 1.1.0
Accesspressthemes Wp Popup Banners 1.0.9
Accesspressthemes Wp Popup Banners 1.0.8
Accesspressthemes Wp Popup Banners 1.0.7
Accesspressthemes Wp Popup Banners 1.0.6
Accesspressthemes Wp Popup Banners 1.0.5
Accesspressthemes Wp Popup Banners 1.0.4
Accesspressthemes Wp Popup Banners 1.0.3
5.4
CVSSv3
CVE-2023-0175
The Responsive Clients Logo Gallery Plugin for WordPress plugin up to and including 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and a...
Accesspressthemes Smart Logo Showcase Lite 1.1.7
Accesspressthemes Smart Logo Showcase Lite 1.1.9
Accesspressthemes Smart Logo Showcase Lite 1.1.8
Accesspressthemes Smart Logo Showcase Lite 1.1.6
Accesspressthemes Smart Logo Showcase Lite 1.1.5
Accesspressthemes Smart Logo Showcase Lite 1.1.4
Accesspressthemes Smart Logo Showcase Lite 1.1.3
Accesspressthemes Smart Logo Showcase Lite 1.1.2
Accesspressthemes Smart Logo Showcase Lite 1.1.1
Accesspressthemes Smart Logo Showcase Lite 1.1.0
Accesspressthemes Smart Logo Showcase Lite 1.0.9
Accesspressthemes Smart Logo Showcase Lite 1.0.8
Accesspressthemes Smart Logo Showcase Lite 1.0.7
Accesspressthemes Smart Logo Showcase Lite 1.0.6
Accesspressthemes Smart Logo Showcase Lite 1.0.5
Accesspressthemes Smart Logo Showcase Lite 1.0.4
Accesspressthemes Smart Logo Showcase Lite 1.0.3
Accesspressthemes Smart Logo Showcase Lite 1.0.2
Accesspressthemes Smart Logo Showcase Lite 1.0.1
Accesspressthemes Smart Logo Showcase Lite 1.0.0
5.4
CVSSv3
CVE-2023-0068
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin up to and including 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role an...
Product Gtin (ean, Upc, Isbn) For Woocommerce Project Product Gtin (ean, Upc, Isbn) For Woocommerce
4.8
CVSSv3
CVE-2022-26375
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress.
Abpressoptimizer Ab Press Optimizer
7.2
CVSSv3
CVE-2022-29446
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.
Wow-company Counter Box
4.9
CVSSv3
CVE-2021-24966
The Error Log Viewer WordPress plugin up to and including 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
Bestwebsoft Error Log Viewer
4.8
CVSSv3
CVE-2022-0703
The GD Mylist WordPress plugin up to and including 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Gd-mylist Project Gd-mylist
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »