Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1401
The Profile Box Shortcode And Widget WordPress plugin prior to 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...
NA
CVE-2024-0906
The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated malicious users to obtain page and post contents of a site protected with this plugin.
NA
CVE-2024-1566
The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated malicious users to change redirects created with th...
NA
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 1.1
Wpdownloadmanager Wordpress Download Manager 1.2
Wpdownloadmanager Wordpress Download Manager 1.2.1
Wpdownloadmanager Wordpress Download Manager 1.2.2
Wpdownloadmanager Wordpress Download Manager 1.2.3
Wpdownloadmanager Wordpress Download Manager 1.2.4
Wpdownloadmanager Wordpress Download Manager 1.2.5
Wpdownloadmanager Wordpress Download Manager 1.3
Wpdownloadmanager Wordpress Download Manager 1.4
Wpdownloadmanager Wordpress Download Manager 1.5
Wpdownloadmanager Wordpress Download Manager 1.5.1
Wpdownloadmanager Wordpress Download Manager 1.5.2
Wpdownloadmanager Wordpress Download Manager 1.5.3
Wpdownloadmanager Wordpress Download Manager 1.5.9
Wpdownloadmanager Wordpress Download Manager 1.5.32
Wpdownloadmanager Wordpress Download Manager 1.5.33
Wpdownloadmanager Wordpress Download Manager 2.0.1
Wpdownloadmanager Wordpress Download Manager 2.0.2
Wpdownloadmanager Wordpress Download Manager 2.0.3
Wpdownloadmanager Wordpress Download Manager 2.0.4
Wpdownloadmanager Wordpress Download Manager 2.0.5
Wpdownloadmanager Wordpress Download Manager 2.0.6
NA
CVE-2014-4517
Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the searchString parameter.
Cbi Referral Manager Project Cbi Referral Manager
NA
CVE-2014-5337
The WordPress Mobile Pack plugin prior to 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote malicious users to obtain sensitive information via an exportarticles action to export/content.php.
Wordpress Mobile Pack Project Wordpress Mobile Pack 1.2.0
Wordpress Mobile Pack Project Wordpress Mobile Pack
Wpmobilepack Wordpress Mobile Pack 1.0.8223
Wpmobilepack Wordpress Mobile Pack 1.1.1
Wpmobilepack Wordpress Mobile Pack 1.1.2
Wpmobilepack Wordpress Mobile Pack 1.1.3
Wpmobilepack Wordpress Mobile Pack 1.1.9
Wpmobilepack Wordpress Mobile Pack 1.1.91
Wpmobilepack Wordpress Mobile Pack 1.1.92
Wpmobilepack Wordpress Mobile Pack 1.2.1
Wpmobilepack Wordpress Mobile Pack 1.2.3
Wpmobilepack Wordpress Mobile Pack 1.2.4
Wpmobilepack Wordpress Mobile Pack 1.2.5
Wpmobilepack Wordpress Mobile Pack 2.0
NA
CVE-2014-4163
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to ...
Featured Comments Plugin Project Featured Comments 1.2.1
1 EDB exploit
NA
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin prior to 1.8.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.3
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.6.1
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.1.1
Ajaydsouza Contextual Related Posts 1.2.2
Ajaydsouza Contextual Related Posts 1.1
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.6.3
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.4.2
NA
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.3
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.6.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.1.1
Ajaydsouza Contextual Related Posts 1.2.2
Ajaydsouza Contextual Related Posts 1.1
Ajaydsouza Contextual Related Posts 1.8.9
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.8.7
Ajaydsouza Contextual Related Posts 1.6.3
NA
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 3.6.1
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 3.7
Wordpress Wordpress 1.6.2
Wordpress Wordpress 3.5.0
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »