Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36405
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress.
Amcharts Amcharts\\ Charts And Maps
668
VMScore
CVE-2016-10955
The cysteme-finder plugin prior to 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.
Cysteme Cysteme-finder
383
VMScore
CVE-2014-5344
Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin prior to 2.3.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third pa...
Mobiloud Mobiloud 2.3.1
Mobiloud Mobiloud 2.1
Mobiloud Mobiloud 1.8.11
Mobiloud Mobiloud 1.8.9
Mobiloud Mobiloud 1.8.2
Mobiloud Mobiloud 1.8.0
Mobiloud Mobiloud 1.6.2
Mobiloud Mobiloud 1.6
Mobiloud Mobiloud 1.4
Mobiloud Mobiloud 1.3.7
Mobiloud Mobiloud 1.2.5
Mobiloud Mobiloud 1.0
Mobiloud Mobiloud 1.8.8
Mobiloud Mobiloud 1.8.7
Mobiloud Mobiloud 1.8.6
Mobiloud Mobiloud 1.8.5
Mobiloud Mobiloud 1.5.3
Mobiloud Mobiloud 1.5.2
Mobiloud Mobiloud 1.5.1
Mobiloud Mobiloud 1.5
Mobiloud Mobiloud 1.9.0
Mobiloud Mobiloud 1.8.16
516
VMScore
CVE-2019-15772
The nd-donations plugin prior to 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
Donations Project Donations
447
VMScore
CVE-2022-1595
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 leaks the secret login URL when sending a specific crafted request
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
312
VMScore
CVE-2021-24752
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin prior to 1.9, To Top WordPress plugin prior to 2.3,...
Catchplugins Catch Scroll Progress Bar
Catchplugins Catch Sticky Menu
Catchplugins Catch Themes Demo Import
Catchplugins Catch Under Construction
Catchplugins Catch Web Tools
Catchplugins Essential Content Types
Catchplugins Generate Child Theme
Catchplugins Header Enhancement
Catchplugins To Top
Catchplugins Essential Widgets
312
VMScore
CVE-2019-14795
The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.
Toggle-the-title Project Toggle-the-title
605
VMScore
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin prior to 1.8.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.8
Ajaydsouza Contextual Related Posts 1.6.3
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.7.1
Ajaydsouza Contextual Related Posts 1.7
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.2
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.8.2
Ajaydsouza Contextual Related Posts 1.6.5
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.1.1
578
VMScore
CVE-2014-2558
The File Gallery plugin prior to 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
Skyphe File-gallery 1.7.2
Skyphe File-gallery 1.7.1
Skyphe File-gallery 1.7
Skyphe File-gallery 1.6.5.5
Skyphe File-gallery 1.6.6
Skyphe File-gallery 1.6.5.4
Skyphe File-gallery 1.6.5.3
Skyphe File-gallery 1.5.7
Skyphe File-gallery 1.5.6
Skyphe File-gallery 1.5.5
Skyphe File-gallery 1.5.4
Skyphe File-gallery 1.7.5.3
Skyphe File-gallery 1.7.5.1
Skyphe File-gallery 1.7.5
Skyphe File-gallery 1.6.3
Skyphe File-gallery 1.6.2
Skyphe File-gallery 1.6.0.1
Skyphe File-gallery 1.6
Skyphe File-gallery 1.5
Skyphe File-gallery
Skyphe File-gallery 1.7.7
Skyphe File-gallery 1.7.4.1
383
VMScore
CVE-2022-0621
The dTabs WordPress plugin up to and including 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Dtabs Project Dtabs
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »