Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-24396
A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin up to and including 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Bestiaweb Gseor
NA
CVE-2023-2813
All of the above Aapna WordPress theme up to and including 1.3, Anand WordPress theme up to and including 1.2, Anfaust WordPress theme up to and including 1.1, Arendelle WordPress theme prior to 1.1.13, Atlast Business WordPress theme up to and including 1.5.8.5, Bazaar Lite Word...
Saumendra Aapna
Saumendra Anand
Thewebhunter Anfaust
Deothemes Arendelle
Archimidismertzanos Atlast Business
Themeinprogress Bazaar Lite
Arthousewebdesign Brain Power
Yws Bunnypress Lite
Ayecode Cafe Bistro
Ayecode College
Omarfolgheraiter Digitally
Henleythemes Counterpoint
Ajaydsouza Connections Reloaded
Competethemes Drop
Ayecode Directory
Deothemes Everse
Archimidismertzanos Fashionable Store
Marchettidesign Fullbase
Dotecsa Ilex
Jinwen Js O3 Lite
Climaxthemes Kata
Jinwen Js Paper
4.3
CVSSv2
CVE-2014-5344
Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin prior to 2.3.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third pa...
Mobiloud Mobiloud 2.3.1
Mobiloud Mobiloud 2.1
Mobiloud Mobiloud 1.8.11
Mobiloud Mobiloud 1.8.9
Mobiloud Mobiloud 1.8.2
Mobiloud Mobiloud 1.8.0
Mobiloud Mobiloud 1.6.2
Mobiloud Mobiloud 1.6
Mobiloud Mobiloud 1.4
Mobiloud Mobiloud 1.3.7
Mobiloud Mobiloud 1.2.5
Mobiloud Mobiloud 1.0
Mobiloud Mobiloud 1.8.8
Mobiloud Mobiloud 1.8.7
Mobiloud Mobiloud 1.8.6
Mobiloud Mobiloud 1.8.5
Mobiloud Mobiloud 1.5.3
Mobiloud Mobiloud 1.5.2
Mobiloud Mobiloud 1.5.1
Mobiloud Mobiloud 1.5
Mobiloud Mobiloud 1.9.0
Mobiloud Mobiloud 1.8.16
4.3
CVSSv2
CVE-2020-15535
An issue exists in the bestsoftinc Car Rental System plugin up to and including 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.
Bestsoftinc Car Rental System
6.5
CVSSv2
CVE-2021-24602
The HM Multiple Roles WordPress plugin prior to 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
Hmplugin Hm Multiple Roles
4.3
CVSSv2
CVE-2015-0901
Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Flashy Project Flashy
4.3
CVSSv2
CVE-2022-1267
The BMI BMR Calculator WordPress plugin up to and including 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting
Bmi Bmr Calculator Project Bmi Bmr Calculator
6.8
CVSSv2
CVE-2013-2709
Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin prior to 1.3 for WordPress allows remote malicious users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Crunchify Foursquare-checkins 1.1
Crunchify Foursquare-checkins
Crunchify Foursquare-checkins 1.0
6.8
CVSSv2
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin prior to 1.8.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.8
Ajaydsouza Contextual Related Posts 1.6.3
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.7.1
Ajaydsouza Contextual Related Posts 1.7
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.2
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.8.2
Ajaydsouza Contextual Related Posts 1.6.5
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.1.1
4
CVSSv2
CVE-2022-1956
The Shortcut Macros WordPress plugin up to and including 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.
Shortcut Macros Project Shortcut Macros
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »