Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.1.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-18554
The analytics-tracker plugin prior to 1.1.1 for WordPress has XSS via a search event.
Analytics Tracker Project Analytics Tracker
9.8
CVSSv3
CVE-2015-9335
The limit-attempts plugin prior to 1.1.1 for WordPress has SQL injection during IP address handling.
Bestwebsoft Limit Attempts
8.8
CVSSv3
CVE-2023-28661
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
Accesspressthemes Wp Popup Banners 1.2.3
Accesspressthemes Wp Popup Banners 1.2.4
Accesspressthemes Wp Popup Banners 1.2.2
Accesspressthemes Wp Popup Banners 1.2.1
Accesspressthemes Wp Popup Banners 1.2.0
Accesspressthemes Wp Popup Banners 1.1.9
Accesspressthemes Wp Popup Banners 1.1.8
Accesspressthemes Wp Popup Banners 1.1.7
Accesspressthemes Wp Popup Banners 1.1.6
Accesspressthemes Wp Popup Banners 1.1.5
Accesspressthemes Wp Popup Banners 1.1.4
Accesspressthemes Wp Popup Banners 1.1.3
Accesspressthemes Wp Popup Banners 1.1.2
Accesspressthemes Wp Popup Banners 1.1.1
Accesspressthemes Wp Popup Banners 1.1.0
Accesspressthemes Wp Popup Banners 1.0.9
Accesspressthemes Wp Popup Banners 1.0.8
Accesspressthemes Wp Popup Banners 1.0.7
Accesspressthemes Wp Popup Banners 1.0.6
Accesspressthemes Wp Popup Banners 1.0.5
Accesspressthemes Wp Popup Banners 1.0.4
Accesspressthemes Wp Popup Banners 1.0.3
7.5
CVSSv3
CVE-2015-9470
The history-collection plugin up to and including 1.1.1 for WordPress has directory traversal via the download.php var parameter.
Ionadas History Collection
4.8
CVSSv3
CVE-2022-26375
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress.
Abpressoptimizer Ab Press Optimizer
7.2
CVSSv3
CVE-2022-29446
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.
Wow-company Counter Box
5.4
CVSSv3
CVE-2023-0175
The Responsive Clients Logo Gallery Plugin for WordPress plugin up to and including 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and a...
Accesspressthemes Smart Logo Showcase Lite 1.1.7
Accesspressthemes Smart Logo Showcase Lite 1.1.9
Accesspressthemes Smart Logo Showcase Lite 1.1.8
Accesspressthemes Smart Logo Showcase Lite 1.1.6
Accesspressthemes Smart Logo Showcase Lite 1.1.5
Accesspressthemes Smart Logo Showcase Lite 1.1.4
Accesspressthemes Smart Logo Showcase Lite 1.1.3
Accesspressthemes Smart Logo Showcase Lite 1.1.2
Accesspressthemes Smart Logo Showcase Lite 1.1.1
Accesspressthemes Smart Logo Showcase Lite 1.1.0
Accesspressthemes Smart Logo Showcase Lite 1.0.9
Accesspressthemes Smart Logo Showcase Lite 1.0.8
Accesspressthemes Smart Logo Showcase Lite 1.0.7
Accesspressthemes Smart Logo Showcase Lite 1.0.6
Accesspressthemes Smart Logo Showcase Lite 1.0.5
Accesspressthemes Smart Logo Showcase Lite 1.0.4
Accesspressthemes Smart Logo Showcase Lite 1.0.3
Accesspressthemes Smart Logo Showcase Lite 1.0.2
Accesspressthemes Smart Logo Showcase Lite 1.0.1
Accesspressthemes Smart Logo Showcase Lite 1.0.0
NA
CVE-2024-4857
The FS Product Inquiry WordPress plugin up to and including 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 1.3.1
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 2.1.1
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 1.1.4
Sunnythemes Spiffy Calendar 1.1.3
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 3.0.5
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 1.1.6
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.6
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 1.2.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 1.0.0
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 1.1.7
8.8
CVSSv3
CVE-2021-24303
The JiangQie Official Website Mini Program WordPress plugin prior to 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
Jiangqie Official Website Mini Program
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »