wordpress wordpress 1.0 vulnerabilities and exploits
NA
CVE-2012-3577
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin prior to 1.4 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file ...
Nmedia Member Conversation
Nmedia Member Conversation 1.2
Nmedia Member Conversation 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2017-6095
A SQL injection issue exists in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
Mail-masta Project Mail-masta 1.0
1 EDB exploit
7.2
CVSSv3
CVE-2017-6096
A SQL injection issue exists in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.
Mail-masta Project Mail-masta 1.0
1 EDB exploit
7.2
CVSSv3
CVE-2017-6097
A SQL injection issue exists in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
Mail-masta Project Mail-masta 1.0
1 EDB exploit
7.2
CVSSv3
CVE-2017-6098
A SQL injection issue exists in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.
Mail-masta Project Mail-masta 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-5315
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
Wp Events Calendar Project Wp Events Calendar 1.0
1 EDB exploit
NA
CVE-2014-3210
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin prior to 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
Dotonpaper Booking System
Dotonpaper Booking System 1.1
Dotonpaper Booking System 1.0
1 EDB exploit
NA
CVE-2009-2122
SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Paolo Palmonari Photoracer Plugin For Wordpress 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2019-9618
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
Gracemedia Media Player Project Gracemedia Media Player 1.0
1 EDB exploit
8.8
CVSSv3
CVE-2017-14848
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.
Dasinfomedia Wphrm Human Resource Management System 1.0
1 EDB exploit