Vulmon
wordpress wordpress 1.1.1 vulnerabilities and exploits
4.3
CVSSv3
CVE-2021-24780
The Single Post Exporter WordPress plugin up to and including 1.1.1 does not have CSRF checks when saving its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. ...
Single Post Exporter Project Single Post Exporter
8.1
CVSSv3
CVE-2021-39333
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the conten...
Hashthemes Hashthemes Demo Importer
7.2
CVSSv3
CVE-2021-24402
The Orders functionality in the WP iCommerce WordPress plugin up to and including 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as ...
Solvercircle Wp Icommerce
8.8
CVSSv3
CVE-2021-24303
The JiangQie Official Website Mini Program WordPress plugin prior to 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
Jiangqie Official Website Mini Program
5.4
CVSSv3
CVE-2021-24301
The Hotjar Connecticator WordPress plugin up to and including 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exp...
Bluemedicinelabs Hotjar Connecticator
7.5
CVSSv3
CVE-2015-9470
The history-collection plugin up to and including 1.1.1 for WordPress has directory traversal via the download.php var parameter.
Ionadas History Collection
8.8
CVSSv3
CVE-2016-11003
The Elegant Themes Bloom plugin prior to 1.1.1 for WordPress has privilege escalation.
Elegantthemes Monarch
9.8
CVSSv3
CVE-2015-9335
The limit-attempts plugin prior to 1.1.1 for WordPress has SQL injection during IP address handling.
Bestwebsoft Limit Attempts
6.1
CVSSv3
CVE-2017-18554
The analytics-tracker plugin prior to 1.1.1 for WordPress has XSS via a search event.
Analytics Tracker Project Analytics Tracker
6.1
CVSSv3
CVE-2015-9321
The shortcode-factory plugin prior to 1.1.1 for WordPress has XSS via add_query_arg.
Wpmadeeasy Shortcode Factory