Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.4 vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2019-15772
The nd-donations plugin prior to 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
Donations Project Donations
5.8
CVSSv2
CVE-2015-1000002
Open Proxy in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
5
CVSSv2
CVE-2022-1595
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 leaks the secret login URL when sending a specific crafted request
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
5
CVSSv2
CVE-2015-5065
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin prior to 1.4 for WordPress allows remote malicious users to read arbitrary files via a full pathname in the requrl parameter.
Intelligent-it Paypal Currency Converter Basic For Woocommerce
1 EDB exploit
5
CVSSv2
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 2.6.91
Wpdownloadmanager Wordpress Download Manager 2.6.9
Wpdownloadmanager Wordpress Download Manager 2.6.2
Wpdownloadmanager Wordpress Download Manager 2.6.1
Wpdownloadmanager Wordpress Download Manager 2.5.93
Wpdownloadmanager Wordpress Download Manager 2.5.92
Wpdownloadmanager Wordpress Download Manager 2.5.4
Wpdownloadmanager Wordpress Download Manager 2.5.3
Wpdownloadmanager Wordpress Download Manager 2.4.6
Wpdownloadmanager Wordpress Download Manager 2.4.5
Wpdownloadmanager Wordpress Download Manager 2.3.7
Wpdownloadmanager Wordpress Download Manager 2.3.6
Wpdownloadmanager Wordpress Download Manager 2.2.9
Wpdownloadmanager Wordpress Download Manager 2.2.8
Wpdownloadmanager Wordpress Download Manager 2.2.1
Wpdownloadmanager Wordpress Download Manager 2.2.0
Wpdownloadmanager Wordpress Download Manager 2.1.3
Wpdownloadmanager Wordpress Download Manager 2.0.16
Wpdownloadmanager Wordpress Download Manager 2.0.15
Wpdownloadmanager Wordpress Download Manager 2.0.8
Wpdownloadmanager Wordpress Download Manager 2.0.7
Wpdownloadmanager Wordpress Download Manager 1.5.33
5
CVSSv2
CVE-2009-2432
WordPress and WordPress MU prior to 2.8.1 allow remote malicious users to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Wordpress Wordpress 2.6
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 1.5.1.1
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2-mingus
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.0.1-miles
Wordpress Wordpress 0.72
Wordpress Wordpress 0.711
Wordpress Wordpress 0.6.2
Wordpress Wordpress 2.6.1
Wordpress Wordpress 2.6.3
Wordpress Wordpress Mu 1.2.4
4.9
CVSSv2
CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU prior to 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote malicious users to specify a configuration file in the page parameter to obtain sensitive information or mod...
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.2.0
Wordpress Wordpress 2.2
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.5
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2 Revision5003
1 EDB exploit
4.3
CVSSv2
CVE-2022-1594
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack, allowing them to change the login URL
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
4.3
CVSSv2
CVE-2022-0621
The dTabs WordPress plugin up to and including 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Dtabs Project Dtabs
4.3
CVSSv2
CVE-2021-38330
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.4.
Tromit Yabp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »