wordpress wordpress 1.1.1 vulnerabilities and exploits
NA
CVE-2022-1538
Theme Demo Import WordPress plugin prior to 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.
Themely Theme Demo Import
NA
CVE-2023-0175
The Responsive Clients Logo Gallery Plugin for WordPress plugin up to and including 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and a...
Accesspressthemes Smart Logo Showcase Lite 1.1.7
Accesspressthemes Smart Logo Showcase Lite 1.1.9
Accesspressthemes Smart Logo Showcase Lite 1.1.8
Accesspressthemes Smart Logo Showcase Lite 1.1.6
Accesspressthemes Smart Logo Showcase Lite 1.1.5
Accesspressthemes Smart Logo Showcase Lite 1.1.4
Accesspressthemes Smart Logo Showcase Lite 1.1.3
Accesspressthemes Smart Logo Showcase Lite 1.1.2
Accesspressthemes Smart Logo Showcase Lite 1.1.1
Accesspressthemes Smart Logo Showcase Lite 1.1.0
Accesspressthemes Smart Logo Showcase Lite 1.0.9
Accesspressthemes Smart Logo Showcase Lite 1.0.8
Accesspressthemes Smart Logo Showcase Lite 1.0.7
Accesspressthemes Smart Logo Showcase Lite 1.0.6
Accesspressthemes Smart Logo Showcase Lite 1.0.5
Accesspressthemes Smart Logo Showcase Lite 1.0.4
Accesspressthemes Smart Logo Showcase Lite 1.0.3
Accesspressthemes Smart Logo Showcase Lite 1.0.2
Accesspressthemes Smart Logo Showcase Lite 1.0.1
Accesspressthemes Smart Logo Showcase Lite 1.0.0
383
VMScore
CVE-2021-25107
The Form Store to DB WordPress plugin prior to 1.1.1 does not sanitise and escape parameter keys before outputting them back in the created entry, allowing an unauthenticated malicious user to perform Cross-Site Scripting attacks against admin.
Accesspressthemes Form Store To Db
312
VMScore
CVE-2022-0703
The GD Mylist WordPress plugin up to and including 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Gd-mylist Project Gd-mylist
383
VMScore
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 3.0.0
Sunnythemes Spiffy Calendar 2.1.3
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 1.1.2
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 3.0.3
Sunnythemes Spiffy Calendar 2.1.0
Sunnythemes Spiffy Calendar 2.0.1
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 2.0.0
Sunnythemes Spiffy Calendar 1.0.3
Sunnythemes Spiffy Calendar 1.0.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.0.1
NA
CVE-2023-2492
The QueryWall: Plug'n Play Firewall WordPress plugin up to and including 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Querywall Plug'n Play Firewall Project Querywall Plug'n Play Firewall
578
VMScore
CVE-2021-24402
The Orders functionality in the WP iCommerce WordPress plugin up to and including 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as ...
Solvercircle Wp Icommerce
605
VMScore
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin prior to 1.8.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.8
Ajaydsouza Contextual Related Posts 1.6.3
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.7.1
Ajaydsouza Contextual Related Posts 1.7
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.2
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.8.2
Ajaydsouza Contextual Related Posts 1.6.5
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.1.1
312
VMScore
CVE-2021-24301
The Hotjar Connecticator WordPress plugin up to and including 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exp...
Bluemedicinelabs Hotjar Connecticator
231
VMScore
CVE-2014-2333
Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin prior to 1.1.21 for WordPress allows remote malicious users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.
Marcel Brinkkemper Lazyest-gallery
Marcel Brinkkemper Lazyest-gallery 1.1.16
Marcel Brinkkemper Lazyest-gallery 1.1.15
Marcel Brinkkemper Lazyest-gallery 1.1.9.1
Marcel Brinkkemper Lazyest-gallery 1.1.9
Marcel Brinkkemper Lazyest-gallery 1.1.3.3
Marcel Brinkkemper Lazyest-gallery 1.1.3.2
Marcel Brinkkemper Lazyest-gallery 1.1.18
Marcel Brinkkemper Lazyest-gallery 1.1.17.4
Marcel Brinkkemper Lazyest-gallery 1.1.12
Marcel Brinkkemper Lazyest-gallery 1.1.11
Marcel Brinkkemper Lazyest-gallery 1.1.7.1
Marcel Brinkkemper Lazyest-gallery 1.1.7
Marcel Brinkkemper Lazyest-gallery 1.1.6
Marcel Brinkkemper Lazyest-gallery 1.1.2.1
Marcel Brinkkemper Lazyest-gallery 1.1.1.1
Marcel Brinkkemper Lazyest-gallery 1.1.19.1
Marcel Brinkkemper Lazyest-gallery 1.1.19
Marcel Brinkkemper Lazyest-gallery 1.1.14
Marcel Brinkkemper Lazyest-gallery 1.1.13
Marcel Brinkkemper Lazyest-gallery 1.1.8.1
Marcel Brinkkemper Lazyest-gallery 1.1.8