Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.1.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-18529
The promobar plugin prior to 1.1.1 for WordPress has multiple XSS issues.
Bestwebsoft Promobar
6.1
CVSSv3
CVE-2017-18500
The social-buttons-pack plugin prior to 1.1.1 for WordPress has multiple XSS issues.
Bestwebsoft Social Buttons Pack
7.5
CVSSv3
CVE-2018-20782
The GloBee plugin prior to 1.1.2 for WooCommerce mishandles IPN messages.
Globee Woocommerce
1 EDB exploit
8.6
CVSSv3
CVE-2018-15571
The Export Users to CSV plugin up to and including 1.1.1 for WordPress allows CSV injection.
Export Users To Csv Project Export Users To Csv
7.5
CVSSv3
CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin up to and including 1.1.1 for WordPress allows remote malicious users to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path tra...
Siteeditor Site Editor
1 EDB exploit
4 Github repositories
6.1
CVSSv3
CVE-2018-5654
An issue exists in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.
Weblizar Pinterest-feeds 1.1.1
6.1
CVSSv3
CVE-2018-5653
An issue exists in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.
Weblizar Pinterest-feeds 1.1.1
6.1
CVSSv3
CVE-2018-5655
An issue exists in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
Weblizar Pinterest-feeds 1.1.1
8.8
CVSSv3
CVE-2018-5656
An issue exists in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.
Weblizar Pinterest-feeds 1.1.1
5.4
CVSSv3
CVE-2017-15811
The Pootle Button plugin prior to 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.
Pootlepress Pootle Button 1.1.1
Pootlepress Pootle Button 1.1.0
Pootlepress Pootle Button 1.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »