Vulmon
wordpress wordpress 1.0.1 vulnerabilities and exploits
CVSSv3: 6.1
CVE-2022-0647
The Bulk Creator WordPress plugin up to and including 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to Reflected Cross-Site Scripting.
Bulk Creator Project Bulk Creator
CVSSv3: 4.3
CVE-2021-24688
The Orange Form WordPress plugin up to and including 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow malicious users to delete arbitr...
Orange-form Project Orange-form
CVSSv3: 4.8
CVE-2021-24607
The Storefront Footer Text WordPress plugin up to and including 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed.
Wooassist Storefront Footer Text
CVSSv3: 7.2
CVE-2021-24627
The G Auto-Hyperlink WordPress plugin up to and including 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection.
G Auto-hyperlink Project G Auto-hyperlink
CVSSv3: 5.4
CVE-2021-24760
The Gutenberg PDF Viewer Block WordPress plugin prior to 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Pdf Viewer Block For Gutenberg Project Pdf Viewer Block For Gutenberg
CVSSv3: 5.4
CVE-2021-24597
The You Shang WordPress plugin up to and including 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page, depending on the payload used.
You-shang Project You-shang
CVSSv3: 6.1
CVE-2021-38338
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameters found in the ~/titan-framework/iframe-googlefont-preview.php file, which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Border Loading Bar Project Border Loading Bar
CVSSv3: 6.1
CVE-2021-38332
The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows malicious users to inject arbitrary web scripts, in versions up to and in...
Ops-robots-txt Project Ops-robots-txt
CVSSv3: 5.4
CVE-2021-24547
The KN Fix Your Title WordPress plugin up to and including 1.0.1 was vulnerable to Authenticated Stored XSS in the separator field.
Kn Fix Your Title Project Kn Fix Your Title
CVSSv3: 5.4
CVE-2021-24538
The Current Book WordPress plugin up to and including 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser, leading to an Authenticated Stored Cross-Site Scripting (XSS) issue.
Current Book Project Current Book