Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-14751
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
Intensewp Wp Jobs 1.0
Intensewp Wp Jobs 1.1
Intensewp Wp Jobs 1.2
Intensewp Wp Jobs 1.3
Intensewp Wp Jobs 1.4
Intensewp Wp Jobs 1.5
5.7
CVSSv3
CVE-2021-24752
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin prior to 1.9, To Top WordPress plugin prior to 2.3,...
Catchplugins Catch Scroll Progress Bar
Catchplugins Catch Sticky Menu
Catchplugins Catch Themes Demo Import
Catchplugins Catch Under Construction
Catchplugins Catch Web Tools
Catchplugins Essential Content Types
Catchplugins Generate Child Theme
Catchplugins Header Enhancement
Catchplugins To Top
Catchplugins Essential Widgets
5.4
CVSSv3
CVE-2024-2089
The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remote_content' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
5.4
CVSSv3
CVE-2023-0424
The MS-Reviews WordPress plugin up to and including 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks
Ms-reviews Project Ms-reviews
5.4
CVSSv3
CVE-2022-4750
The WP Responsive Testimonials Slider And Widget WordPress plugin up to and including 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and a...
Wp Responsive Testimonials Slider And Widget Project Wp Responsive Testimonials Slider And Widget
5.4
CVSSv3
CVE-2018-10309
The Responsive Cookie Consent plugin prior to 1.8 for WordPress mishandles number fields, leading to XSS.
Responsive Cookie Consent Project Responsive Cookie Consent
1 EDB exploit
5.3
CVSSv3
CVE-2022-3891
The WP FullCalendar WordPress plugin prior to 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated malicious users to get the content of arbitrary posts, including draft/private as we...
Pixelite Wp Fullcalendar
4.8
CVSSv3
CVE-2021-24718
The Contact Form, Survey & Popup Form Plugin for WordPress plugin prior to 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Reputeinfosystems Contact Form, Survey & Popup Form Plugin For Wordpress - Arforms Form Builder
4.8
CVSSv3
CVE-2016-10763
The CampTix Event Ticketing plugin prior to 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
Automattic Camptix Event Ticketing
4.3
CVSSv3
CVE-2023-2561
The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level malicious users to modify galleries attached to...
Gallery-metabox Project Gallery-metabox
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »