Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.1.1 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2013-2640
ajax.functions.php in the MailUp plugin prior to 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote malicious users to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to &q...
Mailup Wp-mailup
Mailup Wp-mailup 1.0.0
Mailup Wp-mailup 1.1.0
Mailup Wp-mailup 1.1.1
Mailup Wp-mailup 1.1.2
Mailup Wp-mailup 1.1.3
Mailup Wp-mailup 1.2
Mailup Wp-mailup 1.3
Mailup Wp-mailup 1.21
7.5
CVSSv2
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
Mailpoet Mailpoet Newsletters 2.0.5
1 EDB exploit
5
CVSSv2
CVE-2013-0731
ajax.functions.php in the MailUp plugin prior to 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote malicious users to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in co...
Mailup Wp-mailup
Mailup Wp-mailup 1.0.0
Mailup Wp-mailup 1.1.0
Mailup Wp-mailup 1.1.1
Mailup Wp-mailup 1.1.2
Mailup Wp-mailup 1.1.3
Mailup Wp-mailup 1.2
Mailup Wp-mailup 1.3
Mailup Wp-mailup 1.3.1
Mailup Wp-mailup 1.21
5
CVSSv2
CVE-2012-4920
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin prior to 1.4.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the url parameter to index.php.
Zingiri Forums
Zingiri Forums 1.0.0
Zingiri Forums 1.0.1
Zingiri Forums 1.0.2
Zingiri Forums 1.0.3
Zingiri Forums 1.0.4
Zingiri Forums 1.0.5
Zingiri Forums 1.0.6
Zingiri Forums 1.0.7
Zingiri Forums 1.0.8
Zingiri Forums 1.0.9
Zingiri Forums 1.1.0
Zingiri Forums 1.1.1
Zingiri Forums 1.2.0
Zingiri Forums 1.2.1
Zingiri Forums 1.3.0
Zingiri Forums 1.3.1
Zingiri Forums 1.4.0
Zingiri Forums 1.4.1
Zingiri Forums 1.4.2
5.8
CVSSv2
CVE-2017-8099
There is CSRF in the WHIZZ plugin prior to 1.1.1 for WordPress, allowing malicious users to delete any WordPress users and change the plugin's status via a GET request.
Browserweb Inc Whizz
4.3
CVSSv2
CVE-2017-18529
The promobar plugin prior to 1.1.1 for WordPress has multiple XSS issues.
Bestwebsoft Promobar
6.5
CVSSv2
CVE-2016-11003
The Elegant Themes Bloom plugin prior to 1.1.1 for WordPress has privilege escalation.
Elegantthemes Monarch
4.3
CVSSv2
CVE-2015-9321
The shortcode-factory plugin prior to 1.1.1 for WordPress has XSS via add_query_arg.
Wpmadeeasy Shortcode Factory
6.8
CVSSv2
CVE-2018-15571
The Export Users to CSV plugin up to and including 1.1.1 for WordPress allows CSV injection.
Export Users To Csv Project Export Users To Csv
4.3
CVSSv2
CVE-2017-18500
The social-buttons-pack plugin prior to 1.1.1 for WordPress has multiple XSS issues.
Bestwebsoft Social Buttons Pack
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »