Vulmon
wordpress wordpress 1.2 vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-0619
The Database Peek WordPress plugin up to and including 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Database Peek Project Database Peek
NA
CVE-2022-242721
WordPress International SMS for Contact Form 7 Integration plugin version 1.2 suffers from a cross site request forgery vulnerability.
4.3
CVSSv3
CVE-2021-24733
The WP Post Page Clone WordPress plugin prior to 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally.
Wp Post Page Clone Project Wp Post Page Clone
6.1
CVSSv3
CVE-2021-39314
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Wanderlust-webdesign Woo-enviopack
6.1
CVSSv3
CVE-2021-39315
The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Magic-post-voice Project Magic-post-voice
6.5
CVSSv3
CVE-2021-24845
The Improved Include Page WordPress plugin up to and including 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not suppo...
Improved Include Page Project Improved Include Page
8.8
CVSSv3
CVE-2021-24626
The Chameleon CSS WordPress plugin up to and including 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise o...
Chameleon Css Project Chameleon Css
5.4
CVSSv3
CVE-2021-24413
The Easy Twitter Feed WordPress plugin prior to 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortco...
Bplugins Easy Twitter Feed
5.4
CVSSv3
CVE-2021-24415
The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin up to and including 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be ...
Bplugins Polo Video Gallery
7.2
CVSSv3
CVE-2021-24398
The Add new scene functionality in the Responsive 3D Slider WordPress plugin up to and including 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same fun...
Webpsilon Responsive 3d Slider