Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3.1 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2021-24708
The Export any WordPress data to XML/CSV WordPress plugin prior to 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability...
Wp All Export Project Wp All Export
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 1.3.1
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 2.1.1
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 1.1.4
Sunnythemes Spiffy Calendar 1.1.3
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 3.0.5
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 1.1.6
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.6
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 1.2.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 1.0.0
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 1.1.7
NA
CVE-2013-5963
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin prior to 1.8.8.1 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-co...
Cdsincdesign Simple Dropbox Upload Form
Cdsincdesign Simple Dropbox Upload Form 0.5.0
Cdsincdesign Simple Dropbox Upload Form 1.0.0
Cdsincdesign Simple Dropbox Upload Form 1.1.0
Cdsincdesign Simple Dropbox Upload Form 1.1.1
Cdsincdesign Simple Dropbox Upload Form 1.1.2
Cdsincdesign Simple Dropbox Upload Form 1.2.0
Cdsincdesign Simple Dropbox Upload Form 1.3.0
Cdsincdesign Simple Dropbox Upload Form 1.3.1
Cdsincdesign Simple Dropbox Upload Form 1.4.0
Cdsincdesign Simple Dropbox Upload Form 1.5.0
Cdsincdesign Simple Dropbox Upload Form 1.5.1
Cdsincdesign Simple Dropbox Upload Form 1.5.2
Cdsincdesign Simple Dropbox Upload Form 1.5.3
Cdsincdesign Simple Dropbox Upload Form 1.6.0
Cdsincdesign Simple Dropbox Upload Form 1.7.0
Cdsincdesign Simple Dropbox Upload Form 1.8.0
Cdsincdesign Simple Dropbox Upload Form 1.8.1
Cdsincdesign Simple Dropbox Upload Form 1.8.2
Cdsincdesign Simple Dropbox Upload Form 1.8.3
Cdsincdesign Simple Dropbox Upload Form 1.8.4
Cdsincdesign Simple Dropbox Upload Form 1.8.5
8.8
CVSSv3
CVE-2023-0234
The SiteGround Security WordPress plugin prior to 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.
Siteground Siteground Security
5.4
CVSSv3
CVE-2022-28612
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.
Custom Popup Builder Project Custom Popup Builder
4.3
CVSSv3
CVE-2022-3994
The Authenticator WordPress plugin prior to 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations.
Authenticator Project Authenticator
NA
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin prior to 1.8.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.3
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.6.1
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.1.1
Ajaydsouza Contextual Related Posts 1.2.2
Ajaydsouza Contextual Related Posts 1.1
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.6.3
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.4.2
6.1
CVSSv3
CVE-2021-24286
The settings page of the Redirect 404 to parent WordPress plugin prior to 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
Mooveagency Redirect 404 To Parent
8.8
CVSSv3
CVE-2020-36666
The directory-pro WordPress plugin prior to 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin prior to 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin prior to 1.0.9, real-estate-pro WordPress plugin prior to 1.7.1, insti...
E-plugins Wp Membership
E-plugins Fitness Trainer
E-plugins Hotel Directory
E-plugins Hospital & Doctor Directory
E-plugins Lawyer Directory
E-plugins Institutions Directory
E-plugins Real Estate Pro
E-plugins Final User
E-plugins Directory Pro
E-plugins Photographer-directory
E-plugins Producer-retailer -
6.5
CVSSv3
CVE-2022-1831
The WPlite WordPress plugin up to and including 1.3.1 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Wplite Project Wplite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »