wordpress wordpress 1.2 vulnerabilities and exploits
4.8
CVSSv3
CVE-2023-3328
The Custom Field For WP Job Manager WordPress plugin prior to 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa...
Custom Field For Wp Job Manager Project Custom Field For Wp Job Manager
4.8
CVSSv3
CVE-2022-1750
The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
Sticky Popup Project Sticky Popup
4.8
CVSSv3
CVE-2022-1512
The ScrollReveal.js Effects WordPress plugin up to and including 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Scrollrevealjs-effects Project Scrollrevealjs-effects
4.3
CVSSv3
CVE-2021-24733
The WP Post Page Clone WordPress plugin prior to 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally.
Wp Post Page Clone Project Wp Post Page Clone
2.7
CVSSv3
CVE-2022-1684
The Cube Slider WordPress plugin up to and including 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin
Webpsilon Cube Slider
NA
CVE-2024-3641
The Newsletter Popup WordPress plugin up to and including 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins
NA
CVE-2024-3642
The Newsletter Popup WordPress plugin up to and including 1.2 does not have a CSRF check when deleting a subscriber, which could allow malicious users to make logged-in admins perform such an action via a CSRF attack
NA
CVE-2024-3643
The Newsletter Popup WordPress plugin up to and including 1.2 does not have a CSRF check when deleting a list, which could allow malicious users to make logged-in admins perform such an action via a CSRF attack
NA
CVE-2024-3644
The Newsletter Popup WordPress plugin up to and including 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example...
NA
CVE-2024-1789
The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authe...