Vulmon
wordpress wordpress 1.0.1 vulnerabilities and exploits
4.8
CVSSv3
CVE-2022-3909
The Add Comments WordPress plugin up to and including 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Add Comments Project Add Comments
5.3
CVSSv3
CVE-2022-2350
The Disable User Login WordPress plugin up to and including 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated malicious users to block (or unblock) users at will.
Brainvire Disable User Login
9.8
CVSSv3
CVE-2022-37344
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress.
Accommodation-system Project Accommodation-system
7.2
CVSSv3
CVE-2022-36285
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
Uploading Svg, Webp And Ico Files Project Uploading Svg, Webp And Ico Files
5.4
CVSSv3
CVE-2022-34648
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
Uploading Svg, Webp And Ico Files Project Uploading Svg, Webp And Ico Files
8.8
CVSSv3
CVE-2022-34154
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
Ideastocode Enable Svg, Webp & Ico Upload
5.4
CVSSv3
CVE-2022-36343
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
Ideastocode Enable Svg, Webp & Ico Upload
9.8
CVSSv3
CVE-2022-34839
Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress.
Codexshaper Wp Oauth2 Server
8.8
CVSSv3
CVE-2022-1912
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated malicious users to update...
Smartsoft Button Widget Smartsoft 1.0.1
8.8
CVSSv3
CVE-2022-1749
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows malicious users to inject arbitrary web scrip...
Wpmk Ajax Finder Project Wpmk Ajax Finder