Vulmon
wordpress wordpress 1.0 vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-1192
The Turn off all comments WordPress plugin up to and including 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Turn Off All Comments Project Turn Off All Comments
1 Github repository
7.2
CVSSv3
CVE-2021-25119
The AGIL WordPress plugin up to and including 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high-privilege users such as admin to upload an arbitrary file like PHP, leading to RCE.
Wpsocket Automatic Grid Image Listing
5.4
CVSSv3
CVE-2021-24950
The Insight Core WordPress plugin up to and including 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it be...
Thememove Insight Core 1.0
8.8
CVSSv3
CVE-2021-24704
In the Orange Form WordPress plugin up to and including 1.0, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because o...
Orange-form Project Orange-form
5.4
CVSSv3
CVE-2021-25058
The Buffer Button WordPress plugin up to and including 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field.
The Buffer Button Project The Buffer Button
6.5
CVSSv3
CVE-2021-25097
The LabTools WordPress plugin up to and including 1.0 does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications.
Creativityjuice Labtools
6.1
CVSSv3
CVE-2021-39309
The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows malicious users to inject...
Dpsoft Parsian Bank Gateway For Woocommerce
6.1
CVSSv3
CVE-2021-39311
The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.
Link-list-manager Project Link-list-manager
6.1
CVSSv3
CVE-2021-39318
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.
H5p-css-editor Project H5p-css-editor
6.5
CVSSv3
CVE-2021-24784
The WP Admin Logo Changer WordPress plugin up to and including 1.0 does not have a CSRF check when saving its settings, which could allow malicious users to make a logged-in admin update them via a CSRF attack.
Wp Admin Logo Changer Project Wp Admin Logo Changer