Vulmon
wordpress wordpress 1.4 vulnerabilities and exploits
4.3
CVSSv3
CVE-2022-1594
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL.
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
4.8
CVSSv3
CVE-2021-24331
The Smooth Scroll Page Up/Down Buttons WordPress plugin prior to 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client side. This could allow high privilege users (such as admin) to set XSS payloads i...
Smooth Scroll Page Up/down Buttons Project Smooth Scroll Page Up/down Buttons
9.8
CVSSv3
CVE-2021-24493
The shopp_upload_file AJAX action of the Shopp WordPress plugin up to and including 1.4, available to both unauthenticated and authenticated users, does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to uploa...
Ingenesis Shopp
4.8
CVSSv3
CVE-2023-5137
The Simply Excerpts WordPress plugin up to and including 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (fo...
Shooflysolutions Simply Excerpts
4.8
CVSSv3
CVE-2022-3833
The Fancier Author Box by ThematoSoup WordPress plugin up to and including 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...
Thematosoup Fancier Author Box
5.4
CVSSv3
CVE-2021-24414
The Video Player for YouTube WordPress plugin prior to 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious ...
Video Player For Youtube Project Video Player For Youtube
NA
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb 1.3.7
Feedweb Feedweb 1.3.6
Feedweb Feedweb 1.3.5
Feedweb Feedweb 1.3.4
Feedweb Feedweb 1.5.11
Feedweb Feedweb 1.5.12
Feedweb Feedweb 1.5.1
Feedweb Feedweb 1.5.10
Feedweb Feedweb 1.7
Feedweb Feedweb 1.7.3
Feedweb Feedweb 1.7.2
Feedweb Feedweb 1.8.7
Feedweb Feedweb 1.3.14
Feedweb Feedweb 1.3.13
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.11
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.0.5
Feedweb Feedweb
5.4
CVSSv3
CVE-2022-4460
The Sidebar Widgets by CodeLights WordPress plugin up to and including 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting att...
Codelights-shortcodes-and-widgets Project Codelights-shortcodes-and-widgets
4.6
CVSSv3
CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated malicious users to inject arbitrary web scripts into the plugin ...
Xootix Login/signup Popup
5.4
CVSSv3
CVE-2023-5071
The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contri...
Sitekit Project Sitekit