wordpress wordpress 1.0 vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-36388
Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress.
Ydesignservices Yds Support Ticket System
4.8
CVSSv3
CVE-2022-37404
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin <= 1.0 at WordPress.
Add2fav Project Add2fav
5.4
CVSSv3
CVE-2022-36341
Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress.
As - Create Pinterest Pinboard Pages Project As - Create Pinterest Pinboard Pages
5.4
CVSSv3
CVE-2022-2299
The Allow SVG Files WordPress plugin up to and including 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
Allow Svg Files Project Allow Svg Files 1.0
Allow Svg Files Project Allow Svg Files 1.1
6.1
CVSSv3
CVE-2022-2146
The Import CSV Files WordPress plugin up to and including 1.0 does not sanitise and escape imported data before outputting it back in a page, and also lacks a CSRF check when performing such an action, resulting in a Reflected Cross-Site Scripting
Import Csv Files Project Import Csv Files
4.8
CVSSv3
CVE-2022-2149
The Very Simple Breadcrumb WordPress plugin up to and including 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Very Simple Breadcrumb Project Very Simple Breadcrumb
4.3
CVSSv3
CVE-2022-1844
The WP Sentry WordPress plugin up to and including 1.0 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation a...
Wp-sentry Project Wp-sentry
6.5
CVSSv3
CVE-2022-1612
The Webriti SMTP Mail WordPress plugin up to and including 1.0 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Webriti Webriti Smtp Mail
5.4
CVSSv3
CVE-2022-1506
The WP Born Babies WordPress plugin up to and including 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks
Wp Born Babies Project Wp Born Babies
4.3
CVSSv3
CVE-2022-1712
The LiveSync for WordPress plugin up to and including 1.0 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Livesync Project Livesync