Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-24510
The MF Gig Calendar WordPress plugin prior to 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
Mf Gig Calendar Project Mf Gig Calendar
6.1
CVSSv3
CVE-2021-38334
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Amazingweb Wp-design-maps-places
6.1
CVSSv3
CVE-2021-38340
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Wordpress Simple Shop Project Wordpress Simple Shop
7.2
CVSSv3
CVE-2021-24553
The Timeline Calendar WordPress plugin up to and including 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin
Timeline Calendar Project Timeline Calendar
6.1
CVSSv3
CVE-2021-34651
The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.2.
Scribblemaps Scribble Maps
5.4
CVSSv3
CVE-2020-23762
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote malicious users to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.
Larsens Calendar Project Larsens Calendar
8.8
CVSSv3
CVE-2020-35135
The ultimate-category-excluder plugin prior to 1.2 for WordPress allows ultimate-category-excluder.php CSRF.
Infolific Ultimate Category Excluder
6.1
CVSSv3
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuer...
Jquery Jquery
Drupal Drupal
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Weblogic Server 12.1.3.0.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Communications Webrtc Session Controller 7.2
Oracle Weblogic Server 12.2.1.3.0
Oracle Agile Product Lifecycle Management For Process 6.2.0.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Jdeveloper 12.2.1.3.0
Oracle Policy Automation Connector For Siebel 10.4.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
13 Github repositories
8.8
CVSSv3
CVE-2013-2009
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
Automattic Wp Super Cache 1.2
1 EDB exploit
8.8
CVSSv3
CVE-2015-9448
The sendpress plugin prior to 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
Pressified Sendpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »