Vulmon
wordpress wordpress 1.0.1 vulnerabilities and exploits
7.2
CVSSv3
CVE-2022-36285
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
Uploading Svg, Webp And Ico Files Project Uploading Svg, Webp And Ico Files
5.4
CVSSv3
CVE-2022-34648
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
Uploading Svg, Webp And Ico Files Project Uploading Svg, Webp And Ico Files
5.4
CVSSv3
CVE-2022-36343
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
Ideastocode Enable Svg, Webp & Ico Upload
8.8
CVSSv3
CVE-2022-34154
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
Ideastocode Enable Svg, Webp & Ico Upload
9.8
CVSSv3
CVE-2022-34839
Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress.
Codexshaper Wp Oauth2 Server
8.8
CVSSv3
CVE-2022-1912
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated malicious users to update...
Smartsoft Button Widget Smartsoft 1.0.1
8.8
CVSSv3
CVE-2022-1749
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows malicious users to inject arbitrary web scrip...
Wpmk Ajax Finder Project Wpmk Ajax Finder
8.8
CVSSv3
CVE-2022-1969
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated malicious...
Script Mobile Browser Color Select
6.5
CVSSv3
CVE-2021-25116
The Enqueue Anything WordPress plugin up to and including 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbi...
Enqueue Anything Project Enqueue Anything
5.4
CVSSv3
CVE-2022-1112
The Autolinks WordPress plugin up to and including 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow malicious users to perform Stored Cross-Site scripting against a logged in admin via a CSRF attac...
Autolinks Project Autolinks