wordpress wordpress 1.0 vulnerabilities and exploits
7.2
CVSSv3
CVE-2022-4547
The Conditional Payment Methods for WooCommerce WordPress plugin up to and including 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as...
Thedotstore Conditional Payment Methods For Woocommerce
7.2
CVSSv3
CVE-2022-4352
The Qe SEO Handyman WordPress plugin up to and including 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Qe Seo Handyman Project Qe Seo Handyman
7.2
CVSSv3
CVE-2022-4351
The Qe SEO Handyman WordPress plugin up to and including 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Qe Seo Handyman Project Qe Seo Handyman
7.2
CVSSv3
CVE-2021-25119
The AGIL WordPress plugin up to and including 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
Wpsocket Automatic Grid Image Listing
7.2
CVSSv3
CVE-2021-24629
The Post Content XMLRPC WordPress plugin up to and including 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to authenticated SQL injections
Post Content Xmlrpc Project Post Content Xmlrpc
7.2
CVSSv3
CVE-2021-24662
The Game Server Status WordPress plugin up to and including 1.0 does not validate or escape the server_id parameter before using it in a SQL statement, leading to an authenticated SQL injection in an admin page
Game-server-status Project Game-server-status
7.2
CVSSv3
CVE-2021-24401
The Edit domain functionality in the WP Domain Redirect WordPress plugin up to and including 1.0 has an `editid` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.
Wp-domain-redirect Project Wp-domain-redirect
7.2
CVSSv3
CVE-2021-24399
The check_order function of The Sorter WordPress plugin up to and including 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.
Ombu The Sorter
7.2
CVSSv3
CVE-2021-24403
The Orders functionality in the WordPress Page Contact plugin up to and including 1.0 has an order_id parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. The feature is available to low privilege users such as cont...
Wpagecontact Project Wpagecontact
7.2
CVSSv3
CVE-2021-24392
An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin up to and including 1.0 is not properly sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.
Swiftcrm Club-management-software