Vulmon
wordpress wordpress 4.1 vulnerabilities and exploits
NA
CVE-2024-32097
Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress: from n/a up to and including 4.1.
6.8
CVSSv2
CVE-2021-24803
The Core Tweaks WP Setup WordPress plugin up to and including 4.1 allows bulk-setting many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing a malicious user to arbitrarily change the admin emai...
Core Tweaks Wp Setup Project Core Tweaks Wp Setup
NA
CVE-2023-1465
The WP EasyPay WordPress plugin prior to 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin
Wpeasypay Wp Easypay
6.5
CVSSv2
CVE-2014-5183
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin prior to 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php.
Simple Retail Menus Plugin Project Simple-retail-menus
Simple Retail Menus Plugin Project Simple-retail-menus 4.0
NA
CVE-2023-0147
The Flexible Captcha WordPress plugin up to and including 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross...
Flexible Captcha Project Flexible Captcha
NA
CVE-2024-1337
The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with su...
NA
CVE-2024-2459
The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
6
CVSSv2
CVE-2021-24490
The Email Artillery (MASS EMAIL) WordPress plugin up to and including 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploite...
Email Artillery Project Email Artillery