wordpress wordpress 1.2 vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-4267
The Bulk Delete Users by Email WordPress plugin up to and including 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Speakdigital Bulk Delete Users By Email
6.5
CVSSv3
CVE-2022-4266
The Bulk Delete Users by Email WordPress plugin up to and including 1.2 does not have CSRF check when deleting users, which could allow malicious users to make a logged in admin delete non admin users by knowing their email via a CSRF attack
Speakdigital Bulk Delete Users By Email
5.4
CVSSv3
CVE-2022-45375
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress.
Cyberchimps Ifeature Slider
6.5
CVSSv3
CVE-2022-3538
The Webmaster Tools Verification WordPress plugin up to and including 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins
Webmaster Tools Verification Project Webmaster Tools Verification
8.8
CVSSv3
CVE-2022-3401
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possib...
Bricksbuilder Bricks
8.8
CVSSv3
CVE-2022-2443
The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthe...
Freemind Wp Browser Project Freemind Wp Browser
4.8
CVSSv3
CVE-2022-1750
The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
Sticky Popup Project Sticky Popup
2.7
CVSSv3
CVE-2022-1684
The Cube Slider WordPress plugin up to and including 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin
Webpsilon Cube Slider
6.1
CVSSv3
CVE-2022-1216
The Advanced Image Sitemap WordPress plugin up to and including 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
Advanced Image Sitemap Project Advanced Image Sitemap
4.8
CVSSv3
CVE-2022-1512
The ScrollReveal.js Effects WordPress plugin up to and including 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Scrollrevealjs-effects Project Scrollrevealjs-effects