Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.0.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-38338
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Border Loading Bar Project Border Loading Bar
5.4
CVSSv3
CVE-2021-24547
The KN Fix Your Title WordPress plugin up to and including 1.0.1 was vulnerable to Authenticated Stored XSS in the separator field.
Kn Fix Your Title Project Kn Fix Your Title
5.4
CVSSv3
CVE-2021-24538
The Current Book WordPress plugin up to and including 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.
Current Book Project Current Book
6.1
CVSSv3
CVE-2021-24477
The Migrate Users WordPress plugin up to and including 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing t...
Migrate Users Project Migrate Users
8.6
CVSSv3
CVE-2020-24144
Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation.
Media File Organizer Project Media File Organizer 1.0.1
6.1
CVSSv3
CVE-2014-10395
The cp-polls plugin prior to 1.0.1 for WordPress has XSS in the votes list.
Codepeople Polls Cp
9.8
CVSSv3
CVE-2016-10921
The gallery-photo-gallery plugin prior to 1.0.1 for WordPress has SQL injection.
Ays-pro Photo Gallery
9.8
CVSSv3
CVE-2015-9315
The newstatpress plugin prior to 1.0.1 for WordPress has SQL injection.
Newstatpress Project Newstatpress
6.1
CVSSv3
CVE-2015-7666
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitr...
Codepeople Payment Form For Paypal Pro
6.1
CVSSv3
CVE-2015-7667
Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the page parameter.
Web-mv Resads
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »