Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.4 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2014-3903
Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x prior to 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.
Jayj Cakifo 1.4.3
Jayj Cakifo 1.4.2
Jayj Cakifo 1.4.1
Jayj Cakifo 1.5.0
Jayj Cakifo 1.4.4
Jayj Cakifo 1.6
Jayj Cakifo 1.5.1
Jayj Cakifo
Jayj Cakifo 1.4
3.5
CVSSv2
CVE-2014-5202
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.
Compfight Project Compfight 1.4
3.5
CVSSv2
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb 1.3.7
Feedweb Feedweb 1.3.6
Feedweb Feedweb 1.3.5
Feedweb Feedweb 1.3.4
Feedweb Feedweb 1.5.11
Feedweb Feedweb 1.5.12
Feedweb Feedweb 1.5.1
Feedweb Feedweb 1.5.10
Feedweb Feedweb 1.7
Feedweb Feedweb 1.7.3
Feedweb Feedweb 1.7.2
Feedweb Feedweb 1.8.7
Feedweb Feedweb 1.3.14
Feedweb Feedweb 1.3.13
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.11
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.0.5
Feedweb Feedweb
1.9
CVSSv2
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
1 Github repository
NA
CVE-2024-3917
The Pet Manager WordPress plugin up to and including 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
NA
CVE-2024-3918
The Pet Manager WordPress plugin up to and including 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.
NA
CVE-2024-34423
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpbits Forty Four – 404 Plugin for WordPress allows Stored XSS.This issue affects Forty Four – 404 Plugin for WordPress: from n/a up to and including 1.4.
NA
CVE-2023-6390
The WordPress Users WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack.
Jonathonkemp Wordpress Users
NA
CVE-2023-5137
The Simply Excerpts WordPress plugin up to and including 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (fo...
Shooflysolutions Simply Excerpts
NA
CVE-2023-5071
The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contri...
Sitekit Project Sitekit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »