Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-1216
The Advanced Image Sitemap WordPress plugin up to and including 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
Advanced Image Sitemap Project Advanced Image Sitemap
6.1
CVSSv3
CVE-2022-0619
The Database Peek WordPress plugin up to and including 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Database Peek Project Database Peek
6.1
CVSSv3
CVE-2021-39314
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Wanderlust-webdesign Woo-enviopack
6.1
CVSSv3
CVE-2021-39315
The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Magic-post-voice Project Magic-post-voice
6.1
CVSSv3
CVE-2021-24510
The MF Gig Calendar WordPress plugin prior to 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
Mf Gig Calendar Project Mf Gig Calendar
6.1
CVSSv3
CVE-2021-38334
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Amazingweb Wp-design-maps-places
6.1
CVSSv3
CVE-2021-38340
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Wordpress Simple Shop Project Wordpress Simple Shop
6.1
CVSSv3
CVE-2021-34651
The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Scribblemaps Scribble Maps
6.1
CVSSv3
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuer...
Jquery Jquery
Drupal Drupal
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Weblogic Server 12.1.3.0.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Communications Webrtc Session Controller 7.2
Oracle Weblogic Server 12.2.1.3.0
Oracle Agile Product Lifecycle Management For Process 6.2.0.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Jdeveloper 12.2.1.3.0
Oracle Policy Automation Connector For Siebel 10.4.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
13 Github repositories
6.1
CVSSv3
CVE-2016-10976
The safe-editor plugin prior to 1.2 for WordPress has no se_save authentication, with resultant XSS.
Kodebyraaet Safe Editor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »