Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog project vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-16780
Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment.
Complete Responsive Cms Blog Project Complete Responsive Cms Blog
NA
CVE-2022-2425
The WP DS Blog Map WordPress plugin up to and including 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in m...
Wp Ds Blog Map Project Wp Ds Blog Map
7.5
CVSSv2
CVE-2018-17391
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
Super Cms Blog Pro Project Super Cms Blog Pro 1.0
1 EDB exploit
NA
CVE-2022-36030
Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes availabl...
Project-nexus Project Project-nexus 1.0.1
4.3
CVSSv2
CVE-2021-46027
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added
Mysiteforme Project Mysiteforme -
6.8
CVSSv2
CVE-2022-0952
The Sitemap by click5 WordPress plugin prior to 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blo...
Sitemap Project Sitemap
1 Github repository
4.3
CVSSv2
CVE-2022-30517
Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).
Mogublog Project Mogublog 5.2
NA
CVE-2023-37995
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.
Wp-copyprotect Project Wp-copyprotect
4.3
CVSSv2
CVE-2012-3414
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and previous versions, as used in WordPress prior to 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote malicious users to inject arbitrary web script or HTML via the movieName paramet...
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Swfupload Project Swfupload 1.0.2
Swfupload Project Swfupload 2.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.2
Swfupload Project Swfupload 2.1.0
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.3
Swfupload Project Swfupload 2.2.0
Swfupload Project Swfupload
Wordpress Wordpress -
Wordpress Wordpress 3.0
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress
1 EDB exploit
2 Github repositories
1 Article
3.5
CVSSv2
CVE-2018-19902
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter.
No-cms Project No-cms 1.1.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »