Vulmon
wordpress wordpress vulnerabilities and exploits
VMScore: 755
CVE-2019-9879
The WPGraphQL 0.2.3 plugin for WordPress allows remote malicious users to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.
Wpengine Wpgraphql 0.2.3
1 EDB exploit
VMScore: 755
CVE-2019-10866
In the Form Maker plugin prior to 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
10web Form Maker
1 EDB exploit
VMScore: 755
CVE-2019-9618
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
Gracemedia Media Player Project Gracemedia Media Player 1.0
1 EDB exploit
VMScore: 755
CVE-2018-10969
SQL injection vulnerability in the Pie Register plugin prior to 3.0.10 for WordPress allows remote malicious users to execute arbitrary SQL commands via the invitation codes grid.
Genetechsolutions Pie Register
1 EDB exploit
VMScore: 755
CVE-2018-5315
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
Wp Events Calendar Project Wp Events Calendar 1.0
1 EDB exploit
VMScore: 755
CVE-2018-3811
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin prior to 3.5 for WordPress allows unauthenticated malicious users to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared stat...
Oturia Smart Google Code Inserter
1 EDB exploit
1 Github repository
VMScore: 755
CVE-2018-3810
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin prior to 3.5 for WordPress allows unauthenticated malicious users to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The ...
Oturia Smart Google Code Inserter
1 EDB exploit
1 Github repository
VMScore: 755
CVE-2017-16949
An issue exists in the AccessKeys AccessPress Anonymous Post Pro plugin up to and including 3.1.9 for WordPress. Improper input sanitization allows the malicious user to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php...
Accesspressthemes Anonymous Post Pro
1 EDB exploit
VMScore: 755
CVE-2017-16562
The UserPro plugin prior to 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote malicious users to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to t...
Userproplugin Userpro
1 EDB exploit
VMScore: 755
CVE-2017-14507
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3)...
Shindiristudio Content Timeline 4.4.2
1 EDB exploit