Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-10965
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.
Creativeinteractivemedia Real3d Flipbook 1.0
7.5
CVSSv3
CVE-2016-10966
The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.
Creativeinteractivemedia Real3d Flipbook 1.0
7.5
CVSSv3
CVE-2016-10956
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
Mail-masta Project Mail-masta 1.0
2 Github repositories
7.5
CVSSv3
CVE-2017-18604
The sitebuilder-dynamic-components plugin up to and including 1.0 for WordPress has PHP object injection via an AJAX request.
Sitebuilder Dynamic Components Project Sitebuilder Dynamic Components
7.5
CVSSv3
CVE-2018-16299
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
Localize My Post Project Localize My Post 1.0
1 EDB exploit
7.5
CVSSv3
CVE-2015-4704
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
Download Zip Attachments Project Download Zip Attachments 1.0
7.5
CVSSv3
CVE-2015-1000005
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin
Candidate-application-form Project Candidate-application-form 1.0
7.5
CVSSv3
CVE-2015-1000010
Remote file download in simple-image-manipulator v1.0 wordpress plugin
Simple-image-manipulator Project Simple-image-manipulator 1.0
7.2
CVSSv3
CVE-2023-2482
The Responsive CSS EDITOR WordPress plugin up to and including 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.
Wpwox Responsive Css Editor
7.2
CVSSv3
CVE-2023-0924
The ZYREX POPUP WordPress plugin up to and including 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multi...
Zyrex Popup
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »