Vulmon
wordpress wordpress 1.0.1 vulnerabilities and exploits
4.8
CVSSv3
CVE-2021-24607
The Storefront Footer Text WordPress plugin up to and including 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed.
Wooassist Storefront Footer Text
4.3
CVSSv3
CVE-2023-6384
The WP User Profile Avatar WordPress plugin prior to 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar
Wp-eventmanager User Profile Avatar
4.3
CVSSv3
CVE-2021-24688
The Orange Form WordPress plugin up to and including 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow malicious users to delete arbitr...
Orange-form Project Orange-form
NA
CVE-2024-3071
The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level ...
NA
CVE-2024-3059
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have CSRF checks in some places, which could allow malicious users to make logged in admins delete arbitrary Campaigns via a CSRF attack
NA
CVE-2024-3058
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make a logged-in admin add Stored XSS payloads via a CSRF attack
NA
CVE-2024-3060
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks
NA
CVE-2023-6067
The WP User Profile Avatar WordPress plugin up to and including 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stor...
NA
CVE-2011-5307
Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the action parameter.
Photosmash Project Photosmash 1.01
NA
CVE-2014-8586
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote malicious users to execute arbitrary SQL commands via the calid parameter.
Cp Multi View Event Calendar Project Cp Multi View Event Calendar 1.0.1
1 EDB exploit