Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.1.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2640
ajax.functions.php in the MailUp plugin prior to 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote malicious users to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to &q...
Mailup Wp-mailup 1.1.0
Mailup Wp-mailup
Mailup Wp-mailup 1.3
Mailup Wp-mailup 1.1.1
Mailup Wp-mailup 1.0.0
Mailup Wp-mailup 1.21
Mailup Wp-mailup 1.2
Mailup Wp-mailup 1.1.3
Mailup Wp-mailup 1.1.2
NA
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.6.1
Mailpoet Mailpoet Newsletters 2.5.1
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.8
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1.6
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 2.5.2
Mailpoet Mailpoet Newsletters 2.4.2
Mailpoet Mailpoet Newsletters 2.4
1 EDB exploit
NA
CVE-2013-0731
ajax.functions.php in the MailUp plugin prior to 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote malicious users to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in co...
Mailup Wp-mailup 1.1.3
Mailup Wp-mailup 1.1.2
Mailup Wp-mailup 1.1.1
Mailup Wp-mailup 1.1.0
Mailup Wp-mailup 1.21
Mailup Wp-mailup 1.2
Mailup Wp-mailup 1.3.1
Mailup Wp-mailup 1.3
Mailup Wp-mailup 1.0.0
Mailup Wp-mailup
NA
CVE-2012-4920
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin prior to 1.4.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the url parameter to index.php.
Zingiri Forums 1.0.3
Zingiri Forums 1.0.4
Zingiri Forums 1.1.1
Zingiri Forums 1.2.0
Zingiri Forums
Zingiri Forums 1.0.1
Zingiri Forums 1.0.2
Zingiri Forums 1.0.9
Zingiri Forums 1.1.0
Zingiri Forums 1.4.1
Zingiri Forums 1.4.2
Zingiri Forums 1.0.0
Zingiri Forums 1.0.7
Zingiri Forums 1.0.8
Zingiri Forums 1.3.1
Zingiri Forums 1.4.0
Zingiri Forums 1.0.5
Zingiri Forums 1.0.6
Zingiri Forums 1.2.1
Zingiri Forums 1.3.0
NA
CVE-2012-2916
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin prior to 2.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.
Dlo Simple Anti Bot Registration Engine Plugin 0.8.0
Dlo Simple Anti Bot Registration Engine Plugin 0.7.4
Dlo Simple Anti Bot Registration Engine Plugin 0.6.0
Dlo Simple Anti Bot Registration Engine Plugin 0.4.2
Dlo Simple Anti Bot Registration Engine Plugin 1.1.1
Dlo Simple Anti Bot Registration Engine Plugin 1.1.0
Dlo Simple Anti Bot Registration Engine Plugin 0.7.1
Dlo Simple Anti Bot Registration Engine Plugin 0.7.0
Dlo Simple Anti Bot Registration Engine Plugin 0.2.2
Dlo Simple Anti Bot Registration Engine Plugin 0.2.1
Dlo Simple Anti Bot Registration Engine Plugin 1.0.0
Dlo Simple Anti Bot Registration Engine Plugin 0.9.0
Dlo Simple Anti Bot Registration Engine Plugin 0.6.3
Dlo Simple Anti Bot Registration Engine Plugin 0.6.2
Dlo Simple Anti Bot Registration Engine Plugin 0.6.1
Dlo Simple Anti Bot Registration Engine Plugin 0.1.1
Dlo Simple Anti Bot Registration Engine Plugin
Dlo Simple Anti Bot Registration Engine Plugin 1.1.2
Dlo Simple Anti Bot Registration Engine Plugin 0.7.3
Dlo Simple Anti Bot Registration Engine Plugin 0.7.2
Dlo Simple Anti Bot Registration Engine Plugin 0.4.1
Dlo Simple Anti Bot Registration Engine Plugin 0.4.0
NA
CVE-2013-5963
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin prior to 1.8.8.1 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-co...
Cdsincdesign Simple Dropbox Upload Form
Cdsincdesign Simple Dropbox Upload Form 0.5.0
Cdsincdesign Simple Dropbox Upload Form 1.0.0
Cdsincdesign Simple Dropbox Upload Form 1.1.0
Cdsincdesign Simple Dropbox Upload Form 1.1.1
Cdsincdesign Simple Dropbox Upload Form 1.1.2
Cdsincdesign Simple Dropbox Upload Form 1.2.0
Cdsincdesign Simple Dropbox Upload Form 1.3.0
Cdsincdesign Simple Dropbox Upload Form 1.3.1
Cdsincdesign Simple Dropbox Upload Form 1.4.0
Cdsincdesign Simple Dropbox Upload Form 1.5.0
Cdsincdesign Simple Dropbox Upload Form 1.5.1
Cdsincdesign Simple Dropbox Upload Form 1.5.2
Cdsincdesign Simple Dropbox Upload Form 1.5.3
Cdsincdesign Simple Dropbox Upload Form 1.6.0
Cdsincdesign Simple Dropbox Upload Form 1.7.0
Cdsincdesign Simple Dropbox Upload Form 1.8.0
Cdsincdesign Simple Dropbox Upload Form 1.8.1
Cdsincdesign Simple Dropbox Upload Form 1.8.2
Cdsincdesign Simple Dropbox Upload Form 1.8.3
Cdsincdesign Simple Dropbox Upload Form 1.8.4
Cdsincdesign Simple Dropbox Upload Form 1.8.5
8.1
CVSSv3
CVE-2017-8099
There is CSRF in the WHIZZ plugin prior to 1.1.1 for WordPress, allowing malicious users to delete any WordPress users and change the plugin's status via a GET request.
Browserweb Inc Whizz
6.1
CVSSv3
CVE-2017-18529
The promobar plugin prior to 1.1.1 for WordPress has multiple XSS issues.
Bestwebsoft Promobar
8.8
CVSSv3
CVE-2016-11003
The Elegant Themes Bloom plugin prior to 1.1.1 for WordPress has privilege escalation.
Elegantthemes Monarch
6.1
CVSSv3
CVE-2015-9321
The shortcode-factory plugin prior to 1.1.1 for WordPress has XSS via add_query_arg.
Wpmadeeasy Shortcode Factory
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »