Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.0.1 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-24477
The Migrate Users WordPress plugin up to and including 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing t...
Migrate Users Project Migrate Users
4.3
CVSSv2
CVE-2014-10395
The cp-polls plugin prior to 1.0.1 for WordPress has XSS in the votes list.
Codepeople Polls Cp
4.3
CVSSv2
CVE-2015-7666
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitr...
Codepeople Payment Form For Paypal Pro
4.3
CVSSv2
CVE-2015-7667
Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the page parameter.
Web-mv Resads
4.3
CVSSv2
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 3.0.0
Sunnythemes Spiffy Calendar 2.1.3
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 1.1.2
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 3.0.3
Sunnythemes Spiffy Calendar 2.1.0
Sunnythemes Spiffy Calendar 2.0.1
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 2.0.0
Sunnythemes Spiffy Calendar 1.0.3
Sunnythemes Spiffy Calendar 1.0.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.0.1
4.3
CVSSv2
CVE-2011-5307
Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the action parameter.
Photosmash Project Photosmash 1.01
4.3
CVSSv2
CVE-2014-6312
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin prior to 3.2.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks ...
Login Widget With Shortcode Project Login Widget With Shortcode 1.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.2
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.3
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.4
Login Widget With Shortcode Project Login Widget With Shortcode
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.1.3
1 EDB exploit
4.3
CVSSv2
CVE-2014-4606
Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the zs_sid parameter.
Zeenshare Project Zeenshare
4.3
CVSSv2
CVE-2014-4533
Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the hid_id parameter.
Geo Redirector Plugin Project Geo Redirector
4.3
CVSSv2
CVE-2012-6627
Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Xyzscripts Newsletter Manager
Xyzscripts Newsletter Manager 1.0.1
Xyzscripts Newsletter Manager 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »