Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-10985
The echosign plugin prior to 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.
Smackcoders Echo Sign
6.1
CVSSv3
CVE-2016-10976
The safe-editor plugin prior to 1.2 for WordPress has no se_save authentication, with resultant XSS.
Kodebyraaet Safe Editor
6.1
CVSSv3
CVE-2017-14751
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
Intensewp Wp Jobs 1.0
Intensewp Wp Jobs 1.1
Intensewp Wp Jobs 1.2
Intensewp Wp Jobs 1.3
Intensewp Wp Jobs 1.4
Intensewp Wp Jobs 1.5
6.1
CVSSv3
CVE-2017-5942
An issue exists in the WP Mail plugin prior to 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.
Wp Mail Project Wp Mail
5.4
CVSSv3
CVE-2023-5743
The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. T...
Gravitydesign Telephone Number Linker
5.4
CVSSv3
CVE-2023-5337
The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
Formforall Formforall
5.4
CVSSv3
CVE-2022-45375
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress.
Cyberchimps Ifeature Slider
5.4
CVSSv3
CVE-2021-24413
The Easy Twitter Feed WordPress plugin prior to 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortco...
Bplugins Easy Twitter Feed
5.4
CVSSv3
CVE-2021-24415
The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin up to and including 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be ...
Bplugins Polo Video Gallery
5.4
CVSSv3
CVE-2020-23762
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote malicious users to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.
Larsens Calendar Project Larsens Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »