Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-24143
Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter.
Ninjateam Video Downloader For Tiktok 1.3
668
VMScore
CVE-2020-24142
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports...
Ninjateam Video Downloader For Tiktok 1.3
605
VMScore
CVE-2014-9525
Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct ...
Timed Popup Project Timed Popup 1.3
755
VMScore
CVE-2012-6625
SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin prior to 1.7.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the groupid parameter in an editgroup action.
Vasthtml Forumpress 1.2
Vasthtml Forumpress 1.3
Vasthtml Forumpress 1.5.1
Vasthtml Forumpress 1.6.4
Vasthtml Forumpress 1.6.5
Vasthtml Forumpress 1.7.2
Vasthtml Forumpress 1.7.3
Vasthtml Forumpress 1.5.2
Vasthtml Forumpress 1.6.8
Vasthtml Forumpress 1.6.9
Vasthtml Forumpress 1.4
Vasthtml Forumpress 1.5
Vasthtml Forumpress 1.6.6
Vasthtml Forumpress 1.6.7
Vasthtml Forumpress
Vasthtml Forumpress 1.0
Vasthtml Forumpress 1.1
Vasthtml Forumpress 1.6
Vasthtml Forumpress 1.6.2
Vasthtml Forumpress 1.6.3
Vasthtml Forumpress 1.7
Vasthtml Forumpress 1.7.1
1 EDB exploit
605
VMScore
CVE-2014-5034
Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote malicious users to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protec...
Fresh-media Brute Force Login Protection 1.3
435
VMScore
CVE-2011-3860
Cross-site scripting (XSS) vulnerability in the Cover WP theme prior to 1.6.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Onedesigns Cover Wp
Onedesigns Cover Wp 1.1
Onedesigns Cover Wp 1.2
Onedesigns Cover Wp 1.3
Onedesigns Cover Wp 1.4
Onedesigns Cover Wp 1.4.1
Onedesigns Cover Wp 1.5
Onedesigns Cover Wp 1.5.1
Onedesigns Cover Wp 1.5.2
Onedesigns Cover Wp 1.5.3
Onedesigns Cover Wp 1.5.4
Onedesigns Cover Wp 1.5.5
Onedesigns Cover Wp 1.5.6
Onedesigns Cover Wp 1.5.7
Onedesigns Cover Wp 1.5.8
Onedesigns Cover Wp 1.5.9
Onedesigns Cover Wp 1.6
Onedesigns Cover Wp 1.6.1
Onedesigns Cover Wp 1.6.2
Onedesigns Cover Wp 1.6.3
Onedesigns Cover Wp 1.6.4
1 EDB exploit
685
VMScore
CVE-2013-4240
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin prior to 2.0.11 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2)...
Hitmyserver Hms Testimonials 2.0.7
Hitmyserver Hms Testimonials 2.0.6
Hitmyserver Hms Testimonials 2.0.5
Hitmyserver Hms Testimonials 2.0.4
Hitmyserver Hms Testimonials 1.3
Hitmyserver Hms Testimonials 1.2
Hitmyserver Hms Testimonials 1.1
Hitmyserver Hms Testimonials 2.0.9
Hitmyserver Hms Testimonials 2.0.2
Hitmyserver Hms Testimonials 2.0
Hitmyserver Hms Testimonials 1.6
Hitmyserver Hms Testimonials 1.4.1
Hitmyserver Hms Testimonials 1.7.1
Hitmyserver Hms Testimonials 1.7
Hitmyserver Hms Testimonials 1.6.2
Hitmyserver Hms Testimonials 1.6.1
Hitmyserver Hms Testimonials
Hitmyserver Hms Testimonials 2.0.8
Hitmyserver Hms Testimonials 2.0.3
Hitmyserver Hms Testimonials 2.0.1
Hitmyserver Hms Testimonials 1.5
Hitmyserver Hms Testimonials 1.4
1 EDB exploit
655
VMScore
CVE-2014-3210
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin prior to 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
Dotonpaper Booking System
Dotonpaper Booking System 1.1
Dotonpaper Booking System 1.0
1 EDB exploit
435
VMScore
CVE-2012-2572
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin prior to 1.16 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the Subject of an email.
Mindreantre Threewp Email Reflector 1.12
Mindreantre Threewp Email Reflector 1.11
Mindreantre Threewp Email Reflector 1.4
Mindreantre Threewp Email Reflector 1.3
Mindreantre Threewp Email Reflector 1.10
Mindreantre Threewp Email Reflector 1.9
Mindreantre Threewp Email Reflector 1.2
Mindreantre Threewp Email Reflector 1.1
Mindreantre Threewp Email Reflector
Mindreantre Threewp Email Reflector 1.8
Mindreantre Threewp Email Reflector 1.7
Mindreantre Threewp Email Reflector 1.0
Mindreantre Threewp Email Reflector 1.14
Mindreantre Threewp Email Reflector 1.13
Mindreantre Threewp Email Reflector 1.6
Mindreantre Threewp Email Reflector 1.5
1 EDB exploit
435
VMScore
CVE-2012-6622
Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin prior to 1.7.4 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) userg...
Vasthtml Forumpress 1.0
Vasthtml Forumpress 1.1
Vasthtml Forumpress 1.6
Vasthtml Forumpress 1.6.2
Vasthtml Forumpress 1.6.3
Vasthtml Forumpress 1.7
Vasthtml Forumpress 1.7.1
Vasthtml Forumpress 1.4
Vasthtml Forumpress 1.5
Vasthtml Forumpress 1.6.6
Vasthtml Forumpress 1.6.7
Vasthtml Forumpress
Vasthtml Forumpress 1.2
Vasthtml Forumpress 1.3
Vasthtml Forumpress 1.6.4
Vasthtml Forumpress 1.6.5
Vasthtml Forumpress 1.7.2
Vasthtml Forumpress 1.7.3
Vasthtml Forumpress 1.5.1
Vasthtml Forumpress 1.5.2
Vasthtml Forumpress 1.6.8
Vasthtml Forumpress 1.6.9
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »