Vulmon
wordpress wordpress 1.0 vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-0395
The menu shortcode WordPress plugin up to and including 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti...
Menu Shortcode Project Menu Shortcode
5.4
CVSSv3
CVE-2023-0153
The Vimeo Video Autoplay Automute WordPress plugin up to and including 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform...
Vimeo Video Autoplay Automute Project Vimeo Video Autoplay Automute
7.2
CVSSv3
CVE-2022-4547
The Conditional Payment Methods for WooCommerce WordPress plugin up to and including 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as...
Thedotstore Conditional Payment Methods For Woocommerce
6.1
CVSSv3
CVE-2022-4329
The Product list Widget for Woocommerce WordPress plugin up to and including 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (s...
Product List Widget For Woocommerce Project Product List Widget For Woocommerce
7.2
CVSSv3
CVE-2022-4351
The Qe SEO Handyman WordPress plugin up to and including 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Qe Seo Handyman Project Qe Seo Handyman
7.2
CVSSv3
CVE-2022-4352
The Qe SEO Handyman WordPress plugin up to and including 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Qe Seo Handyman Project Qe Seo Handyman
9.8
CVSSv3
CVE-2022-4117
The IWS WordPress plugin up to and including 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.
Iws-geo-form-fields Project Iws-geo-form-fields
4.8
CVSSv3
CVE-2022-3753
The Evaluate WordPress plugin up to and including 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in mu...
Evaluate Project Evaluate
4.8
CVSSv3
CVE-2022-44586
Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress.
Am-hili Project Am-hili
6.5
CVSSv3
CVE-2022-3400
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page...
Bricksbuilder Bricks