Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.4 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-9501
The Artificial Intelligence theme prior to 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
Artificial Intelligence Project Artificial Intelligence
8.8
CVSSv3
CVE-2016-11002
The Elegant Themes Extra theme prior to 1.2.4 for WordPress has privilege escalation.
Elegantthemes Extra
7.5
CVSSv3
CVE-2019-15895
search-exclude.php in the "Search Exclude" plugin prior to 1.2.4 for WordPress allows unauthenticated options changes.
Search Exclude Project Search Exclude
6.1
CVSSv3
CVE-2019-15818
The simple-301-redirects-addon-bulk-uploader plugin up to and including 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.
Webcraftic Simple 301 Redirects
8.8
CVSSv3
CVE-2018-5372
The Testimonial Slider plugin up to and including 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
Slidervilla Testimonial Slider
8.8
CVSSv3
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 2.0.1
Wpeasycart Wp Easycart 1.2.16
Wpeasycart Wp Easycart 1.2.15
Wpeasycart Wp Easycart 1.2.14
Wpeasycart Wp Easycart 1.2.13
Wpeasycart Wp Easycart 1.2.12
Wpeasycart Wp Easycart 1.2.11
Wpeasycart Wp Easycart 1.2.10
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 1.2.5
Wpeasycart Wp Easycart 1.2.4
Wpeasycart Wp Easycart 1.2.3
Wpeasycart Wp Easycart 1.2.2
Wpeasycart Wp Easycart 1.2.1
Wpeasycart Wp Easycart 1.2.0
Wpeasycart Wp Easycart 1.1.36
Wpeasycart Wp Easycart 1.1.35
Wpeasycart Wp Easycart 1.1.34
Wpeasycart Wp Easycart 1.1.33
NA
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 1.1
Wpdownloadmanager Wordpress Download Manager 1.2
Wpdownloadmanager Wordpress Download Manager 1.2.1
Wpdownloadmanager Wordpress Download Manager 1.2.2
Wpdownloadmanager Wordpress Download Manager 1.2.3
Wpdownloadmanager Wordpress Download Manager 1.2.4
Wpdownloadmanager Wordpress Download Manager 1.2.5
Wpdownloadmanager Wordpress Download Manager 1.3
Wpdownloadmanager Wordpress Download Manager 1.4
Wpdownloadmanager Wordpress Download Manager 1.5
Wpdownloadmanager Wordpress Download Manager 1.5.1
Wpdownloadmanager Wordpress Download Manager 1.5.2
Wpdownloadmanager Wordpress Download Manager 1.5.3
Wpdownloadmanager Wordpress Download Manager 1.5.9
Wpdownloadmanager Wordpress Download Manager 1.5.32
Wpdownloadmanager Wordpress Download Manager 1.5.33
Wpdownloadmanager Wordpress Download Manager 2.0.1
Wpdownloadmanager Wordpress Download Manager 2.0.2
Wpdownloadmanager Wordpress Download Manager 2.0.3
Wpdownloadmanager Wordpress Download Manager 2.0.4
Wpdownloadmanager Wordpress Download Manager 2.0.5
Wpdownloadmanager Wordpress Download Manager 2.0.6
NA
CVE-2014-5337
The WordPress Mobile Pack plugin prior to 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote malicious users to obtain sensitive information via an exportarticles action to export/content.php.
Wordpress Mobile Pack Project Wordpress Mobile Pack 1.2.0
Wordpress Mobile Pack Project Wordpress Mobile Pack
Wpmobilepack Wordpress Mobile Pack 1.0.8223
Wpmobilepack Wordpress Mobile Pack 1.1.1
Wpmobilepack Wordpress Mobile Pack 1.1.2
Wpmobilepack Wordpress Mobile Pack 1.1.3
Wpmobilepack Wordpress Mobile Pack 1.1.9
Wpmobilepack Wordpress Mobile Pack 1.1.91
Wpmobilepack Wordpress Mobile Pack 1.1.92
Wpmobilepack Wordpress Mobile Pack 1.2.1
Wpmobilepack Wordpress Mobile Pack 1.2.3
Wpmobilepack Wordpress Mobile Pack 1.2.4
Wpmobilepack Wordpress Mobile Pack 1.2.5
Wpmobilepack Wordpress Mobile Pack 2.0
NA
CVE-2014-5344
Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin prior to 2.3.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third pa...
Mobiloud Mobiloud 1.8.9
Mobiloud Mobiloud 1.4.1
Mobiloud Mobiloud 1.9.1
Mobiloud Mobiloud 1.6.2
Mobiloud Mobiloud 1.8.8
Mobiloud Mobiloud 2.1
Mobiloud Mobiloud 1.8.15
Mobiloud Mobiloud 1.8.5
Mobiloud Mobiloud 1.5
Mobiloud Mobiloud 1.7
Mobiloud Mobiloud 1.2.6
Mobiloud Mobiloud
Mobiloud Mobiloud 1.3.8
Mobiloud Mobiloud 1.6
Mobiloud Mobiloud 1.4
Mobiloud Mobiloud 1.3.6
Mobiloud Mobiloud 1.8.2
Mobiloud Mobiloud 1.8.6
Mobiloud Mobiloud 1.6.1
Mobiloud Mobiloud 1.2.4
Mobiloud Mobiloud 1.8.12
Mobiloud Mobiloud 1.7.1
NA
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 3.6.1
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 3.7
Wordpress Wordpress 1.6.2
Wordpress Wordpress 3.5.0
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »