wordpress wordpress 1.2.1 vulnerabilities and exploits
6.1
CVSSv3
CVE-2023-2654
The Conditional Menus WordPress plugin prior to 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Themify Conditional Menus
6.1
CVSSv3
CVE-2017-18576
The event-notifier plugin prior to 1.2.1 for WordPress has XSS via the loading animation.
Event Notifier Project Event Notifier
6.1
CVSSv3
CVE-2017-18564
The sender plugin prior to 1.2.1 for WordPress has multiple XSS issues.
Bestwebsoft Sender
6.1
CVSSv3
CVE-2017-18490
The contact-form-multi plugin prior to 1.2.1 for WordPress has multiple XSS issues.
Bestwebsoft Contact Form Multi
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 1.3.1
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 2.1.1
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 1.1.4
Sunnythemes Spiffy Calendar 1.1.3
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 3.0.5
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 1.1.6
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.6
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 1.2.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 1.0.0
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 1.1.7
5.4
CVSSv3
CVE-2023-6982
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and out...
Vegacorp Display Custom Fields In The Frontend - Post And User Profile Fields
5.4
CVSSv3
CVE-2023-4460
The Uploading SVG, WEBP and ICO files WordPress plugin up to and including 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Uploading Svg, Webp And Ico Files Project Uploading Svg, Webp And Ico Files
5.4
CVSSv3
CVE-2023-5163
The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
Weather-atlas Weather Atlas
5.4
CVSSv3
CVE-2023-2279
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated malicious...
Wpdirectorykit Wp Directory Kit
5.4
CVSSv3
CVE-2023-0489
The SlideOnline WordPress plugin up to and including 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Si...
Slideonline Project Sideonline