Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5.1 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-24749
The URL Shortify WordPress plugin prior to 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow malicious users to make a logged in admin delete arbitrary link and group via a CSRF attack.
Kazencoders Url Shortify
3.5
CVSSv3
CVE-2021-25075
The Duplicate Page or Post WordPress plugin prior to 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's set...
Wpdevart Duplicate Page Or Post
1 Github repository
NA
CVE-2014-8800
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin prior to 1.5.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.
Nextendweb Nextend Facebook Connect
1 EDB exploit
NA
CVE-2014-8584
Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Web-dorado Web-dorado Spider Video Player 1.4.7
Web-dorado Web-dorado Spider Video Player 1.5.1
Web-dorado Web-dorado Spider Video Player 1.4.9
Web-dorado Web-dorado Spider Video Player 1.5
Web-dorado Web-dorado Spider Video Player 1.4.8
NA
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 2.6.91
Wpdownloadmanager Wordpress Download Manager 2.6.9
Wpdownloadmanager Wordpress Download Manager 2.6.2
Wpdownloadmanager Wordpress Download Manager 2.6.1
Wpdownloadmanager Wordpress Download Manager 2.5.93
Wpdownloadmanager Wordpress Download Manager 2.5.92
Wpdownloadmanager Wordpress Download Manager 2.5.4
Wpdownloadmanager Wordpress Download Manager 2.5.3
Wpdownloadmanager Wordpress Download Manager 2.4.6
Wpdownloadmanager Wordpress Download Manager 2.4.5
Wpdownloadmanager Wordpress Download Manager 2.3.7
Wpdownloadmanager Wordpress Download Manager 2.3.6
Wpdownloadmanager Wordpress Download Manager 2.2.9
Wpdownloadmanager Wordpress Download Manager 2.2.8
Wpdownloadmanager Wordpress Download Manager 2.2.1
Wpdownloadmanager Wordpress Download Manager 2.2.0
Wpdownloadmanager Wordpress Download Manager 2.1.3
Wpdownloadmanager Wordpress Download Manager 2.0.16
Wpdownloadmanager Wordpress Download Manager 2.0.15
Wpdownloadmanager Wordpress Download Manager 2.0.8
Wpdownloadmanager Wordpress Download Manager 2.0.7
Wpdownloadmanager Wordpress Download Manager 1.5.33
NA
CVE-2014-5344
Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin prior to 2.3.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third pa...
Mobiloud Mobiloud 2.3.1
Mobiloud Mobiloud 2.1
Mobiloud Mobiloud 1.8.11
Mobiloud Mobiloud 1.8.9
Mobiloud Mobiloud 1.8.2
Mobiloud Mobiloud 1.8.0
Mobiloud Mobiloud 1.6.2
Mobiloud Mobiloud 1.6
Mobiloud Mobiloud 1.4
Mobiloud Mobiloud 1.3.7
Mobiloud Mobiloud 1.2.5
Mobiloud Mobiloud 1.0
Mobiloud Mobiloud 1.8.8
Mobiloud Mobiloud 1.8.7
Mobiloud Mobiloud 1.8.6
Mobiloud Mobiloud 1.8.5
Mobiloud Mobiloud 1.5.3
Mobiloud Mobiloud 1.5.2
Mobiloud Mobiloud 1.5.1
Mobiloud Mobiloud 1.5
Mobiloud Mobiloud 1.9.0
Mobiloud Mobiloud 1.8.16
NA
CVE-2014-3903
Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x prior to 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.
Jayj Cakifo 1.4.3
Jayj Cakifo 1.4.2
Jayj Cakifo 1.4.1
Jayj Cakifo 1.5.0
Jayj Cakifo 1.4.4
Jayj Cakifo 1.6
Jayj Cakifo 1.5.1
Jayj Cakifo
Jayj Cakifo 1.4
NA
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts
Ajaydsouza Contextual Related Posts 1.8.10
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.7.1
NA
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin prior to 1.8.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.8
Ajaydsouza Contextual Related Posts 1.6.3
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.7.1
Ajaydsouza Contextual Related Posts 1.7
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.2
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.8.2
Ajaydsouza Contextual Related Posts 1.6.5
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.1.1
NA
CVE-2014-2558
The File Gallery plugin prior to 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
Skyphe File-gallery 1.7.2
Skyphe File-gallery 1.7.1
Skyphe File-gallery 1.7
Skyphe File-gallery 1.6.5.5
Skyphe File-gallery 1.6.6
Skyphe File-gallery 1.6.5.4
Skyphe File-gallery 1.6.5.3
Skyphe File-gallery 1.5.7
Skyphe File-gallery 1.5.6
Skyphe File-gallery 1.5.5
Skyphe File-gallery 1.5.4
Skyphe File-gallery 1.7.5.3
Skyphe File-gallery 1.7.5.1
Skyphe File-gallery 1.7.5
Skyphe File-gallery 1.6.3
Skyphe File-gallery 1.6.2
Skyphe File-gallery 1.6.0.1
Skyphe File-gallery 1.6
Skyphe File-gallery 1.5
Skyphe File-gallery
Skyphe File-gallery 1.7.7
Skyphe File-gallery 1.7.4.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »