Vulmon
wordpress wordpress 1.2.5 vulnerabilities and exploits
NA
CVE-2014-100018
Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin prior to 1.2.5 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php.
Unconfirmed Project Unconfirmed
5.4
CVSSv3
CVE-2021-24529
The Grid Gallery – Photo Image Grid Gallery WordPress plugin prior to 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability.
Awplife Grid Gallery
4.3
CVSSv3
CVE-2021-24730
The Logo Showcase with Slick Slider WordPress plugin prior to 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary upload...
Infornweb Logo Showcase With Slick Slider
4.3
CVSSv3
CVE-2023-6066
The WP Custom Widget area WordPress plugin up to and including 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.
Kishorkhambu Wp Custom Widget Area
8.8
CVSSv3
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.p...
Accesspressthemes Access Demo Importer
Accesspressthemes Eightstore-lite
Accesspressthemes Enlighten
Accesspressthemes Fotography
Accesspressthemes Opstore
Accesspressthemes Parallaxsome
Accesspressthemes Punte
Accesspressthemes Revolve
Accesspressthemes Ripple
Accesspressthemes Sakala
Accesspressthemes Scrollme
Accesspressthemes Storevilla
Accesspressthemes Swing-lite
Accesspressthemes The100
Accesspressthemes Accesspress-lite
Accesspressthemes The-launcher
Accesspressthemes The-monday
Accesspressthemes Ultra-seven
Accesspressthemes Uncode-lite
Accesspressthemes Vmag
Accesspressthemes Vmagazine-lite
Accesspressthemes Vmagazine-news
6.5
CVSSv3
CVE-2023-0556
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated malicious users to obtain the blog metadata (via the function cs...
Contentstudio Contentstudio
6.1
CVSSv3
CVE-2018-14430
The Mondula Multi Step Form plugin up to and including 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php.
Mondula Multi Step Form
NA
CVE-2014-5196
Cross-site request forgery (CSRF) vulnerability in improved-user-search-in-backend.php in the backend in the Improved user search in backend plugin prior to 1.2.5 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that insert X...
Improved User Search In Backend Project Improved User Search In Backend
9.8
CVSSv3
CVE-2023-0558
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated malicious users to execute functions intended for u...
Contentstudio Contentstudio
9.8
CVSSv3
CVE-2021-24236
The Imagements WordPress plugin up to and including 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated malicious users to upload arbitrary files by using a valid image Cont...