Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.1.1 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2013-2640
ajax.functions.php in the MailUp plugin prior to 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote malicious users to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to &q...
Mailup Wp-mailup 1.1.0
Mailup Wp-mailup
Mailup Wp-mailup 1.3
Mailup Wp-mailup 1.1.1
Mailup Wp-mailup 1.0.0
Mailup Wp-mailup 1.21
Mailup Wp-mailup 1.2
Mailup Wp-mailup 1.1.3
Mailup Wp-mailup 1.1.2
755
VMScore
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.6.1
Mailpoet Mailpoet Newsletters 2.5.1
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.8
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1.6
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 2.5.2
Mailpoet Mailpoet Newsletters 2.4.2
Mailpoet Mailpoet Newsletters 2.4
1 EDB exploit
445
VMScore
CVE-2013-0731
ajax.functions.php in the MailUp plugin prior to 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote malicious users to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in co...
Mailup Wp-mailup 1.1.3
Mailup Wp-mailup 1.1.2
Mailup Wp-mailup 1.1.1
Mailup Wp-mailup 1.1.0
Mailup Wp-mailup 1.21
Mailup Wp-mailup 1.2
Mailup Wp-mailup 1.3.1
Mailup Wp-mailup 1.3
Mailup Wp-mailup 1.0.0
Mailup Wp-mailup
445
VMScore
CVE-2012-4920
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin prior to 1.4.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the url parameter to index.php.
Zingiri Forums 1.0.3
Zingiri Forums 1.0.4
Zingiri Forums 1.1.1
Zingiri Forums 1.2.0
Zingiri Forums
Zingiri Forums 1.0.1
Zingiri Forums 1.0.2
Zingiri Forums 1.0.9
Zingiri Forums 1.1.0
Zingiri Forums 1.4.1
Zingiri Forums 1.4.2
Zingiri Forums 1.0.0
Zingiri Forums 1.0.7
Zingiri Forums 1.0.8
Zingiri Forums 1.3.1
Zingiri Forums 1.4.0
Zingiri Forums 1.0.5
Zingiri Forums 1.0.6
Zingiri Forums 1.2.1
Zingiri Forums 1.3.0
383
VMScore
CVE-2012-2916
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin prior to 2.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.
Dlo Simple Anti Bot Registration Engine Plugin 0.8.0
Dlo Simple Anti Bot Registration Engine Plugin 0.7.4
Dlo Simple Anti Bot Registration Engine Plugin 0.6.0
Dlo Simple Anti Bot Registration Engine Plugin 0.4.2
Dlo Simple Anti Bot Registration Engine Plugin 1.1.1
Dlo Simple Anti Bot Registration Engine Plugin 1.1.0
Dlo Simple Anti Bot Registration Engine Plugin 0.7.1
Dlo Simple Anti Bot Registration Engine Plugin 0.7.0
Dlo Simple Anti Bot Registration Engine Plugin 0.2.2
Dlo Simple Anti Bot Registration Engine Plugin 0.2.1
Dlo Simple Anti Bot Registration Engine Plugin 1.0.0
Dlo Simple Anti Bot Registration Engine Plugin 0.9.0
Dlo Simple Anti Bot Registration Engine Plugin 0.6.3
Dlo Simple Anti Bot Registration Engine Plugin 0.6.2
Dlo Simple Anti Bot Registration Engine Plugin 0.6.1
Dlo Simple Anti Bot Registration Engine Plugin 0.1.1
Dlo Simple Anti Bot Registration Engine Plugin
Dlo Simple Anti Bot Registration Engine Plugin 1.1.2
Dlo Simple Anti Bot Registration Engine Plugin 0.7.3
Dlo Simple Anti Bot Registration Engine Plugin 0.7.2
Dlo Simple Anti Bot Registration Engine Plugin 0.4.1
Dlo Simple Anti Bot Registration Engine Plugin 0.4.0
605
VMScore
CVE-2013-5963
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin prior to 1.8.8.1 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-co...
Cdsincdesign Simple Dropbox Upload Form
Cdsincdesign Simple Dropbox Upload Form 0.5.0
Cdsincdesign Simple Dropbox Upload Form 1.0.0
Cdsincdesign Simple Dropbox Upload Form 1.1.0
Cdsincdesign Simple Dropbox Upload Form 1.1.1
Cdsincdesign Simple Dropbox Upload Form 1.1.2
Cdsincdesign Simple Dropbox Upload Form 1.2.0
Cdsincdesign Simple Dropbox Upload Form 1.3.0
Cdsincdesign Simple Dropbox Upload Form 1.3.1
Cdsincdesign Simple Dropbox Upload Form 1.4.0
Cdsincdesign Simple Dropbox Upload Form 1.5.0
Cdsincdesign Simple Dropbox Upload Form 1.5.1
Cdsincdesign Simple Dropbox Upload Form 1.5.2
Cdsincdesign Simple Dropbox Upload Form 1.5.3
Cdsincdesign Simple Dropbox Upload Form 1.6.0
Cdsincdesign Simple Dropbox Upload Form 1.7.0
Cdsincdesign Simple Dropbox Upload Form 1.8.0
Cdsincdesign Simple Dropbox Upload Form 1.8.1
Cdsincdesign Simple Dropbox Upload Form 1.8.2
Cdsincdesign Simple Dropbox Upload Form 1.8.3
Cdsincdesign Simple Dropbox Upload Form 1.8.4
Cdsincdesign Simple Dropbox Upload Form 1.8.5
516
VMScore
CVE-2017-8099
There is CSRF in the WHIZZ plugin prior to 1.1.1 for WordPress, allowing malicious users to delete any WordPress users and change the plugin's status via a GET request.
Browserweb Inc Whizz
383
VMScore
CVE-2017-18529
The promobar plugin prior to 1.1.1 for WordPress has multiple XSS issues.
Bestwebsoft Promobar
578
VMScore
CVE-2016-11003
The Elegant Themes Bloom plugin prior to 1.1.1 for WordPress has privilege escalation.
Elegantthemes Monarch
383
VMScore
CVE-2015-9321
The shortcode-factory plugin prior to 1.1.1 for WordPress has XSS via add_query_arg.
Wpmadeeasy Shortcode Factory
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »