Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.6 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-24820
The Cost Calculator WordPress plugin up to and including 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout
Bold-themes Cost Calculator
NA
CVE-2014-2558
The File Gallery plugin prior to 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
Skyphe File-gallery 1.7
Skyphe File-gallery 1.5.6
Skyphe File-gallery 1.7.4.1
Skyphe File-gallery 1.5.8
Skyphe File-gallery 1.7.5
Skyphe File-gallery 1.7.4
Skyphe File-gallery 1.6.5
Skyphe File-gallery
Skyphe File-gallery 1.5
Skyphe File-gallery 1.7.8
Skyphe File-gallery 1.5.4
Skyphe File-gallery 1.7.6
Skyphe File-gallery 1.4
Skyphe File-gallery 1.5.1
Skyphe File-gallery 1.6.5.2
Skyphe File-gallery 1.6.4
Skyphe File-gallery 1.6.5.5
Skyphe File-gallery 1.2
Skyphe File-gallery 1.6.5.3
Skyphe File-gallery 1.5.3
Skyphe File-gallery 1.5.7
Skyphe File-gallery 1.3
NA
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.3
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.6.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.1.1
Ajaydsouza Contextual Related Posts 1.2.2
Ajaydsouza Contextual Related Posts 1.1
Ajaydsouza Contextual Related Posts 1.8.9
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.8.7
Ajaydsouza Contextual Related Posts 1.6.3
NA
CVE-2024-25594
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS.This issue affects MyWaze: from n/a up to and including 1.6.
NA
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.2-beta
Firestats Firestats 0.9.3-beta
Firestats Firestats 0.9.4-beta
Firestats Firestats 0.9.5-beta
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.0
Firestats Firestats 1.0.0
Firestats Firestats 1.0.1
Firestats Firestats 1.0.2
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
Firestats Firestats 1.1.3
Firestats Firestats 1.1.4
Firestats Firestats 1.1.5
Firestats Firestats 1.1.6
Firestats Firestats 1.1.7
NA
CVE-2009-2144
SQL injection vulnerability in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Edgewall Firestats
Edgewall Firestats 0.9.0-beta
Edgewall Firestats 0.9.1-beta
Edgewall Firestats 0.9.2-beta
Edgewall Firestats 0.9.3-beta
Edgewall Firestats 0.9.4-beta
Edgewall Firestats 0.9.5-beta
Edgewall Firestats 0.9.6-beta
Edgewall Firestats 0.9.7-beta
Edgewall Firestats 0.9.8-beta
Edgewall Firestats 0.9.9
Edgewall Firestats 1.0
Edgewall Firestats 1.0.0
Edgewall Firestats 1.0.1
Edgewall Firestats 1.0.2
Edgewall Firestats 1.1.1
Edgewall Firestats 1.1.2
Edgewall Firestats 1.1.3
Edgewall Firestats 1.1.4
Edgewall Firestats 1.1.5
Edgewall Firestats 1.1.6
Edgewall Firestats 1.1.7
6.5
CVSSv3
CVE-2021-25121
The Rating by BestWebSoft WordPress plugin prior to 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating
Bestwebsoft Rating
6.1
CVSSv3
CVE-2014-6444
Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin prior to 1.6 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-previ...
Titan Framework Project Titan Framework
4.8
CVSSv3
CVE-2022-3831
The reCAPTCHA WordPress plugin up to and including 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mul...
Recaptcha Project Recaptcha
NA
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb
Feedweb Feedweb 1.0.4
Feedweb Feedweb 1.0.5
Feedweb Feedweb 1.0.6
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.1.1
Feedweb Feedweb 1.1.4
Feedweb Feedweb 1.1.5
Feedweb Feedweb 1.1.6
Feedweb Feedweb 1.1.7
Feedweb Feedweb 1.1.9
Feedweb Feedweb 1.2
Feedweb Feedweb 1.2.1
Feedweb Feedweb 1.2.2
Feedweb Feedweb 1.2.3
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.7
Feedweb Feedweb 1.2.8
Feedweb Feedweb 1.2.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »