Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog project blog vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-2144
The Jquery Validation For Contact Form 7 WordPress plugin prior to 5.3 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attack
Jquery Validation For Contact Form 7 Project Jquery Validation For Contact Form 7
383
VMScore
CVE-2022-30517
Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).
Mogublog Project Mogublog 5.2
383
VMScore
CVE-2022-1793
The Private Files WordPress plugin up to and including 0.40 is missing CSRF check when disabling the protection, which could allow malicious users to make a logged in admin perform such action via a CSRF attack and make the blog public
Private Files Project Private Files 0.40
383
VMScore
CVE-2022-27174
Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and previous versions allows a remote unauthenticated malicious user to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page.
Easy Blog Project Easy Blog
668
VMScore
CVE-2022-29659
Responsive Online Blog v1.0 exists to contain a SQL injection vulnerability via the id parameter at single.php.
Responsive Online Blog Project Responsive Online Blog 1.0
356
VMScore
CVE-2022-1203
The Content Mask WordPress plugin prior to 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify a...
Content Mask Project Content Mask
1 Github repository
668
VMScore
CVE-2022-28512
A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters.
Fantastic Blog Project Fantastic Blog 1.0
1 Github repository
605
VMScore
CVE-2022-0952
The Sitemap by click5 WordPress plugin prior to 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blo...
Sitemap Project Sitemap
1 Github repository
445
VMScore
CVE-2022-0214
The Custom Popup Builder WordPress plugin prior to 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog
Custom Popup Builder Project Custom Popup Builder
580
VMScore
CVE-2022-23626
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload...
Blog Project Blog
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »