Vulmon
wordpress wordpress 1.3 vulnerabilities and exploits
7.2
CVSSv3
CVE-2021-24396
A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin up to and including 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Bestiaweb Gseor
8.8
CVSSv3
CVE-2021-24602
The HM Multiple Roles WordPress plugin prior to 1.3 does not have any access control to prevent low-privilege users from setting themselves as admin via their profile page.
Hmplugin Hm Multiple Roles
9.8
CVSSv3
CVE-2020-24142
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports...
Ninjateam Video Downloader For Tiktok 1.3
7.5
CVSSv3
CVE-2020-24143
Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter.
Ninjateam Video Downloader For Tiktok 1.3
6.5
CVSSv3
CVE-2021-24333
The Content Copy Protection & Prevent Image Save WordPress plugin up to and including 1.3 does not check for CSRF when saving its settings, nor perform any validation and sanitisation on them, allowing malicious users to make a logged-in administrator set arbitrary XSS payloa...
Content Copy Protection & Prevent Image Save Project Content Copy Protection & Prevent Image Save
6.5
CVSSv3
CVE-2021-24324
The 404 SEO Redirection WordPress plugin up to and including 1.3 is lacking CSRF checks in all its settings, allowing malicious users to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Sto...
Clogica All 404 Redirect To Homepage
6.1
CVSSv3
CVE-2021-24325
The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin up to and including 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute.
Clogica Seo Redirection Plugin
7.2
CVSSv3
CVE-2021-24252
The Event Banner WordPress plugin up to and including 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or other executables, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vecto...
Wp-eventmanager Event Banner
6.1
CVSSv3
CVE-2020-15535
An issue exists in the bestsoftinc Car Rental System plugin up to and including 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.
Bestsoftinc Car Rental System
6.1
CVSSv3
CVE-2020-14010
The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter.
Laborator Xenon 1.3