Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.0.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-0647
The Bulk Creator WordPress plugin up to and including 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Bulk Creator Project Bulk Creator
6.1
CVSSv3
CVE-2021-38332
The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows malicious users to inject arbitrary web scripts, in versions up to and in...
Ops-robots-txt Project Ops-robots-txt
6.1
CVSSv3
CVE-2021-38338
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Border Loading Bar Project Border Loading Bar
6.1
CVSSv3
CVE-2021-24477
The Migrate Users WordPress plugin up to and including 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing t...
Migrate Users Project Migrate Users
6.1
CVSSv3
CVE-2014-10395
The cp-polls plugin prior to 1.0.1 for WordPress has XSS in the votes list.
Codepeople Polls Cp
6.1
CVSSv3
CVE-2015-7666
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitr...
Codepeople Payment Form For Paypal Pro
6.1
CVSSv3
CVE-2015-7667
Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the page parameter.
Web-mv Resads
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 1.3.1
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 2.1.1
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 1.1.4
Sunnythemes Spiffy Calendar 1.1.3
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 3.0.5
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 1.1.6
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.6
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 1.2.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 1.0.0
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 1.1.7
5.4
CVSSv3
CVE-2023-5668
The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
Firecask Whatsapp Share Button
5.4
CVSSv3
CVE-2023-0175
The Responsive Clients Logo Gallery Plugin for WordPress plugin up to and including 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and a...
Accesspressthemes Smart Logo Showcase Lite 1.1.7
Accesspressthemes Smart Logo Showcase Lite 1.1.9
Accesspressthemes Smart Logo Showcase Lite 1.1.8
Accesspressthemes Smart Logo Showcase Lite 1.1.6
Accesspressthemes Smart Logo Showcase Lite 1.1.5
Accesspressthemes Smart Logo Showcase Lite 1.1.4
Accesspressthemes Smart Logo Showcase Lite 1.1.3
Accesspressthemes Smart Logo Showcase Lite 1.1.2
Accesspressthemes Smart Logo Showcase Lite 1.1.1
Accesspressthemes Smart Logo Showcase Lite 1.1.0
Accesspressthemes Smart Logo Showcase Lite 1.0.9
Accesspressthemes Smart Logo Showcase Lite 1.0.8
Accesspressthemes Smart Logo Showcase Lite 1.0.7
Accesspressthemes Smart Logo Showcase Lite 1.0.6
Accesspressthemes Smart Logo Showcase Lite 1.0.5
Accesspressthemes Smart Logo Showcase Lite 1.0.4
Accesspressthemes Smart Logo Showcase Lite 1.0.3
Accesspressthemes Smart Logo Showcase Lite 1.0.2
Accesspressthemes Smart Logo Showcase Lite 1.0.1
Accesspressthemes Smart Logo Showcase Lite 1.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »