Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-4402
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes ...
Multiple Roles Project Multiple Roles
NA
CVE-2024-0698
The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
NA
CVE-2024-2752
The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via order meta in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authe...
NA
CVE-2020-36708
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1...
Machothemes Naturemag Lite
Colorlib Sparklinkg
Machothemes Antreas
Colorlib Bonkers
Cpothemes Affluent
Cpothemes Transcend
Machothemes Regina Lite
Cpothemes Brilliance
Machothemes Medzone Lite
Colorlib Pixova Lite
Colorlib Newspaper X
Cpothemes Allegiant
Colorlib Illdy
Colorlib Activello
Machothemes Newsmag
Colorlib Shapely
383
VMScore
CVE-2021-24570
The Accept Donations with PayPal WordPress plugin prior to 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Fu...
Wpplugin Accept Donations With Paypal
NA
CVE-2023-2406
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, an...
Vcita Event Registration Calendar By Vcita
Vcita Online Payments - Get Paid With Paypal\\, Square \\& Stripe
NA
CVE-2024-2542
The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and ...
NA
CVE-2022-3402
The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick ...
Facetwp Log Http Requests
445
VMScore
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.9.10
Wp-rocket Wp-rocket 2.9.9
Wp-rocket Wp-rocket 2.9.8.1
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.8.17
Wp-rocket Wp-rocket 2.8.16
Wp-rocket Wp-rocket 2.8.15
Wp-rocket Wp-rocket 2.8.1
Wp-rocket Wp-rocket 2.8.0
Wp-rocket Wp-rocket 2.7.4
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.6.7
Wp-rocket Wp-rocket 2.6.6
Wp-rocket Wp-rocket 2.6.5
Wp-rocket Wp-rocket 2.6.4
Wp-rocket Wp-rocket 2.5.3
Wp-rocket Wp-rocket 2.5.2
Wp-rocket Wp-rocket 2.5.1
Wp-rocket Wp-rocket 2.5.0
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.3.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7