Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-7670
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin prior to 1.2.1 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) user or (2) id parameter.
Support Ticket System Project Support Ticket System
9.8
CVSSv3
CVE-2017-14125
SQL injection vulnerability in the Responsive Image Gallery plugin prior to 1.2.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
Wpdevart Responsive Image Gallery Gallery Album
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 3.0.0
Sunnythemes Spiffy Calendar 2.1.3
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 1.1.2
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 3.0.3
Sunnythemes Spiffy Calendar 2.1.0
Sunnythemes Spiffy Calendar 2.0.1
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 2.0.0
Sunnythemes Spiffy Calendar 1.0.3
Sunnythemes Spiffy Calendar 1.0.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.0.1
NA
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 2.6.91
Wpdownloadmanager Wordpress Download Manager 2.6.9
Wpdownloadmanager Wordpress Download Manager 2.6.2
Wpdownloadmanager Wordpress Download Manager 2.6.1
Wpdownloadmanager Wordpress Download Manager 2.5.93
Wpdownloadmanager Wordpress Download Manager 2.5.92
Wpdownloadmanager Wordpress Download Manager 2.5.4
Wpdownloadmanager Wordpress Download Manager 2.5.3
Wpdownloadmanager Wordpress Download Manager 2.4.6
Wpdownloadmanager Wordpress Download Manager 2.4.5
Wpdownloadmanager Wordpress Download Manager 2.3.7
Wpdownloadmanager Wordpress Download Manager 2.3.6
Wpdownloadmanager Wordpress Download Manager 2.2.9
Wpdownloadmanager Wordpress Download Manager 2.2.8
Wpdownloadmanager Wordpress Download Manager 2.2.1
Wpdownloadmanager Wordpress Download Manager 2.2.0
Wpdownloadmanager Wordpress Download Manager 2.1.3
Wpdownloadmanager Wordpress Download Manager 2.0.16
Wpdownloadmanager Wordpress Download Manager 2.0.15
Wpdownloadmanager Wordpress Download Manager 2.0.8
Wpdownloadmanager Wordpress Download Manager 2.0.7
Wpdownloadmanager Wordpress Download Manager 1.5.33
NA
CVE-2014-4517
Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the searchString parameter.
Cbi Referral Manager Project Cbi Referral Manager
NA
CVE-2014-5337
The WordPress Mobile Pack plugin prior to 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote malicious users to obtain sensitive information via an exportarticles action to export/content.php.
Wpmobilepack Wordpress Mobile Pack 1.2.4
Wpmobilepack Wordpress Mobile Pack 1.2.1
Wpmobilepack Wordpress Mobile Pack 1.1.3
Wpmobilepack Wordpress Mobile Pack 1.1.1
Wordpress Mobile Pack Project Wordpress Mobile Pack 1.2.0
Wpmobilepack Wordpress Mobile Pack 1.1.92
Wpmobilepack Wordpress Mobile Pack 1.1.91
Wordpress Mobile Pack Project Wordpress Mobile Pack
Wpmobilepack Wordpress Mobile Pack 2.0
Wpmobilepack Wordpress Mobile Pack 1.2.5
Wpmobilepack Wordpress Mobile Pack 1.0.8223
Wpmobilepack Wordpress Mobile Pack 1.2.3
Wpmobilepack Wordpress Mobile Pack 1.1.9
Wpmobilepack Wordpress Mobile Pack 1.1.2
NA
CVE-2014-4163
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to ...
Featured Comments Plugin Project Featured Comments 1.2.1
1 EDB exploit
NA
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts
Ajaydsouza Contextual Related Posts 1.8.10
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.7.1
NA
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin prior to 1.8.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.8
Ajaydsouza Contextual Related Posts 1.6.3
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.7.1
Ajaydsouza Contextual Related Posts 1.7
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.2
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.8.2
Ajaydsouza Contextual Related Posts 1.6.5
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.1.1
NA
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress 3.7
Wordpress Wordpress
Wordpress Wordpress 3.4.2
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.2
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.3
Wordpress Wordpress 2.9
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.1
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »