Vulmon
wordpress wordpress 1.0.1 vulnerabilities and exploits
5.4
CVSSv3
CVE-2015-10093
A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scriptin...
Mark User As Spammer Project Mark User As Spammer 1.0.0
Mark User As Spammer Project Mark User As Spammer 1.0.1
5.4
CVSSv3
CVE-2022-34648
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
Uploading Svg, Webp And Ico Files Project Uploading Svg, Webp And Ico Files
5.4
CVSSv3
CVE-2022-36343
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
Ideastocode Enable Svg, Webp & Ico Upload
5.4
CVSSv3
CVE-2022-1112
The Autolinks WordPress plugin up to and including 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow malicious users to perform Stored Cross-Site scripting against a logged in admin via a CSRF attac...
Autolinks Project Autolinks
5.4
CVSSv3
CVE-2021-24760
The Gutenberg PDF Viewer Block WordPress plugin prior to 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Pdf Viewer Block For Gutenberg Project Pdf Viewer Block For Gutenberg
5.4
CVSSv3
CVE-2021-24597
The You Shang WordPress plugin up to and including 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page, depending on the payload used.
You-shang Project You-shang
5.4
CVSSv3
CVE-2021-24547
The KN Fix Your Title WordPress plugin up to and including 1.0.1 was vulnerable to Authenticated Stored XSS in the separator field.
Kn Fix Your Title Project Kn Fix Your Title
5.4
CVSSv3
CVE-2021-24538
The Current Book WordPress plugin up to and including 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.
Current Book Project Current Book
5.3
CVSSv3
CVE-2022-2350
The Disable User Login WordPress plugin up to and including 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated malicious users to block (or unblock) users at will.
Brainvire Disable User Login
4.8
CVSSv3
CVE-2022-3909
The Add Comments WordPress plugin up to and including 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Add Comments Project Add Comments