Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.4 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2014-3903
Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x prior to 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.
Jayj Cakifo 1.4.1
Jayj Cakifo 1.4.2
Jayj Cakifo 1.5.1
Jayj Cakifo 1.4.4
Jayj Cakifo 1.4
Jayj Cakifo 1.5.0
Jayj Cakifo
Jayj Cakifo 1.4.3
Jayj Cakifo 1.6
312
VMScore
CVE-2014-5202
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.
Compfight Project Compfight 1.4
312
VMScore
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb
Feedweb Feedweb 1.0.4
Feedweb Feedweb 1.0.5
Feedweb Feedweb 1.0.6
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.1.1
Feedweb Feedweb 1.1.4
Feedweb Feedweb 1.1.5
Feedweb Feedweb 1.1.6
Feedweb Feedweb 1.1.7
Feedweb Feedweb 1.1.9
Feedweb Feedweb 1.2
Feedweb Feedweb 1.2.1
Feedweb Feedweb 1.2.2
Feedweb Feedweb 1.2.3
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.7
Feedweb Feedweb 1.2.8
Feedweb Feedweb 1.2.9
NA
CVE-2023-49852
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection.This issue affects Responsive Slick Slider WordPress: from n/a up to and including 1.4.
NA
CVE-2024-3917
The Pet Manager WordPress plugin up to and including 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
NA
CVE-2024-3918
The Pet Manager WordPress plugin up to and including 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.
NA
CVE-2024-34423
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpbits Forty Four – 404 Plugin for WordPress allows Stored XSS.This issue affects Forty Four – 404 Plugin for WordPress: from n/a up to and including 1.4.
NA
CVE-2023-6390
The WordPress Users WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack.
Jonathonkemp Wordpress Users
NA
CVE-2023-5137
The Simply Excerpts WordPress plugin up to and including 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (fo...
Shooflysolutions Simply Excerpts
NA
CVE-2023-5071
The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contri...
Sitekit Project Sitekit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »