wordpress wordpress 1.2.2 vulnerabilities and exploits
NA
CVE-2022-4789
The WPZOOM Portfolio WordPress plugin prior to 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Wpzoom Wpzoom Portfolio
NA
CVE-2022-4061
The JobBoardWP WordPress plugin prior to 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
Ultimatemember Jobboardwp
3 Github repositories
3.5
CVSSv2
CVE-2022-1644
The Call&Book Mobile Bar WordPress plugin up to and including 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Call&book Mobile Bar Project Call&book Mobile Bar
3.5
CVSSv2
CVE-2022-27845
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2
Plausible Plausible Analytics
3.5
CVSSv2
CVE-2021-24604
The Availability Calendar WordPress plugin prior to 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htm...
Offshorewebmaster Availability Calendar
6.5
CVSSv2
CVE-2021-24497
The Giveaway WordPress plugin up to and including 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.
Satollo Giveaway
4.3
CVSSv2
CVE-2021-24380
The Shantz WordPress QOTD WordPress plugin up to and including 1.2.2 is lacking any CSRF check when updating its settings, allowing malicious users to make logged in administrators change them to arbitrary values.
Shantz Wordpress Qotd Project Shantz Wordpress Qotd
4.3
CVSSv2
CVE-2021-24372
The WP Hardening – Fix Your WordPress Security WordPress plugin prior to 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
Getastra Wp Hardening
4.3
CVSSv2
CVE-2021-24373
The WP Hardening – Fix Your WordPress Security WordPress plugin prior to 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a JavaScript block, leading to a reflected Cross-Site Scripting issue.
Getastra Wp Hardening
4.3
CVSSv2
CVE-2020-14063
A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin prior to 1.2.2 for WordPress allows unauthenticated remote malicious users to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end p...
Tc Custom Javascript Project Tc Custom Javascript