Vulmon
wordpress wordpress 1.2.1 vulnerabilities and exploits
578
VMScore
CVE-2021-24606
The Availability Calendar WordPress plugin prior to 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+.
Offshorewebmaster Availability Calendar
801
VMScore
CVE-2021-24453
The Include Me WordPress plugin up to and including 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure.
Include Me Project Include Me
445
VMScore
CVE-2019-14365
The Intercom plugin up to and including 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).
Intercom Intercom
383
VMScore
CVE-2015-9417
The testimonial-slider plugin up to and including 1.2.1 for WordPress has CSRF with resultant XSS.
Slidervilla Testimonial Slider
668
VMScore
CVE-2017-18605
The gravitate-qa-tracker plugin up to and including 1.2.1 for WordPress has PHP Object Injection.
Gravitatedesign Gravitate Qa Tracker
668
VMScore
CVE-2018-21013
The Swape theme prior to 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.
Upperthemes Swape
383
VMScore
CVE-2017-18576
The event-notifier plugin prior to 1.2.1 for WordPress has XSS via the loading animation.
Event Notifier Project Event Notifier
383
VMScore
CVE-2017-18564
The sender plugin prior to 1.2.1 for WordPress has multiple XSS issues.
Bestwebsoft Sender
383
VMScore
CVE-2017-18490
The contact-form-multi plugin prior to 1.2.1 for WordPress has multiple XSS issues.
Bestwebsoft Contact Form Multi
690
VMScore
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 2.0.1
Wpeasycart Wp Easycart 1.2.16
Wpeasycart Wp Easycart 1.2.15
Wpeasycart Wp Easycart 1.2.14
Wpeasycart Wp Easycart 1.2.13
Wpeasycart Wp Easycart 1.2.12
Wpeasycart Wp Easycart 1.2.11
Wpeasycart Wp Easycart 1.2.10
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 1.2.5
Wpeasycart Wp Easycart 1.2.4
Wpeasycart Wp Easycart 1.2.3
Wpeasycart Wp Easycart 1.2.2
Wpeasycart Wp Easycart 1.2.1
Wpeasycart Wp Easycart 1.2.0
Wpeasycart Wp Easycart 1.1.36
Wpeasycart Wp Easycart 1.1.35
Wpeasycart Wp Easycart 1.1.34
Wpeasycart Wp Easycart 1.1.33