Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-3538
The Webmaster Tools Verification WordPress plugin up to and including 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins
Webmaster Tools Verification Project Webmaster Tools Verification
6.5
CVSSv3
CVE-2021-24845
The Improved Include Page WordPress plugin up to and including 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not suppo...
Improved Include Page Project Improved Include Page
6.5
CVSSv3
CVE-2015-9443
The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.
Wp Accurate Form Data Project Wp Accurate Form Data 1.2
6.5
CVSSv3
CVE-2015-9332
The uninstall plugin prior to 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.
Wordpress Uninstall Project Wordpress Uninstall
6.5
CVSSv3
CVE-2014-2675
Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-a...
Wp-html-sitemap Project Wp-html-sitemap 1.2
6.1
CVSSv3
CVE-2024-0678
The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible...
Tychesoftwares Order Delivery Date For Wp E-commerce
6.1
CVSSv3
CVE-2015-10128
A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launche...
Royaltechbd Royal Prettyphoto
6.1
CVSSv3
CVE-2023-2813
All of the above Aapna WordPress theme up to and including 1.3, Anand WordPress theme up to and including 1.2, Anfaust WordPress theme up to and including 1.1, Arendelle WordPress theme prior to 1.1.13, Atlast Business WordPress theme up to and including 1.5.8.5, Bazaar Lite Word...
Saumendra Aapna
Saumendra Anand
Thewebhunter Anfaust
Deothemes Arendelle
Archimidismertzanos Atlast Business
Themeinprogress Bazaar Lite
Arthousewebdesign Brain Power
Yws Bunnypress Lite
Ayecode Cafe Bistro
Ayecode College
Omarfolgheraiter Digitally
Henleythemes Counterpoint
Ajaydsouza Connections Reloaded
Competethemes Drop
Ayecode Directory
Deothemes Everse
Archimidismertzanos Fashionable Store
Marchettidesign Fullbase
Dotecsa Ilex
Jinwen Js O3 Lite
Climaxthemes Kata
Jinwen Js Paper
6.1
CVSSv3
CVE-2023-0733
The Newsletter Popup WordPress plugin up to and including 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks
Newsletter Popup Project Newsletter Popup
6.1
CVSSv3
CVE-2022-4267
The Bulk Delete Users by Email WordPress plugin up to and including 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Speakdigital Bulk Delete Users By Email
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »