wordpress wordpress 1.1.1 vulnerabilities and exploits
NA
CVE-2013-2640
ajax.functions.php in the MailUp plugin prior to 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote malicious users to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to &q...
Mailup Wp-mailup
Mailup Wp-mailup 1.0.0
Mailup Wp-mailup 1.1.0
Mailup Wp-mailup 1.1.1
Mailup Wp-mailup 1.1.2
Mailup Wp-mailup 1.1.3
Mailup Wp-mailup 1.2
Mailup Wp-mailup 1.3
Mailup Wp-mailup 1.21
NA
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
Mailpoet Mailpoet Newsletters 2.0.5
1 EDB exploit
NA
CVE-2013-0731
ajax.functions.php in the MailUp plugin prior to 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote malicious users to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in co...
Mailup Wp-mailup
Mailup Wp-mailup 1.0.0
Mailup Wp-mailup 1.1.0
Mailup Wp-mailup 1.1.1
Mailup Wp-mailup 1.1.2
Mailup Wp-mailup 1.1.3
Mailup Wp-mailup 1.2
Mailup Wp-mailup 1.3
Mailup Wp-mailup 1.3.1
Mailup Wp-mailup 1.21
NA
CVE-2012-4920
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin prior to 1.4.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the url parameter to index.php.
Zingiri Forums
Zingiri Forums 1.0.0
Zingiri Forums 1.0.1
Zingiri Forums 1.0.2
Zingiri Forums 1.0.3
Zingiri Forums 1.0.4
Zingiri Forums 1.0.5
Zingiri Forums 1.0.6
Zingiri Forums 1.0.7
Zingiri Forums 1.0.8
Zingiri Forums 1.0.9
Zingiri Forums 1.1.0
Zingiri Forums 1.1.1
Zingiri Forums 1.2.0
Zingiri Forums 1.2.1
Zingiri Forums 1.3.0
Zingiri Forums 1.3.1
Zingiri Forums 1.4.0
Zingiri Forums 1.4.1
Zingiri Forums 1.4.2
8.1
CVSSv3
CVE-2017-8099
There is CSRF in the WHIZZ plugin prior to 1.1.1 for WordPress, allowing malicious users to delete any WordPress users and change the plugin's status via a GET request.
Browserweb Inc Whizz
6.1
CVSSv3
CVE-2017-18529
The promobar plugin prior to 1.1.1 for WordPress has multiple XSS issues.
Bestwebsoft Promobar
8.8
CVSSv3
CVE-2016-11003
The Elegant Themes Bloom plugin prior to 1.1.1 for WordPress has privilege escalation.
Elegantthemes Monarch
6.1
CVSSv3
CVE-2015-9321
The shortcode-factory plugin prior to 1.1.1 for WordPress has XSS via add_query_arg.
Wpmadeeasy Shortcode Factory
8.6
CVSSv3
CVE-2018-15571
The Export Users to CSV plugin up to and including 1.1.1 for WordPress allows CSV injection.
Export Users To Csv Project Export Users To Csv
6.1
CVSSv3
CVE-2017-18500
The social-buttons-pack plugin prior to 1.1.1 for WordPress has multiple XSS issues.
Bestwebsoft Social Buttons Pack