Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3917
The Pet Manager WordPress plugin up to and including 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
6.1
CVSSv3
CVE-2021-38330
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.4.
Tromit Yabp
4.3
CVSSv3
CVE-2022-1594
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack, allowing them to change the login URL
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
4.8
CVSSv3
CVE-2021-24418
The Smooth Scroll Page Up/Down Buttons WordPress plugin up to and including 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog
Smooth Scroll Page Up\\/down Buttons Project Smooth Scroll Page Up\\/down Buttons
4.8
CVSSv3
CVE-2021-24331
The Smooth Scroll Page Up/Down Buttons WordPress plugin prior to 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client side. This could allow high privilege users (such as admin) to set XSS payloads i...
Smooth Scroll Page Up\\/down Buttons Project Smooth Scroll Page Up\\/down Buttons
4.8
CVSSv3
CVE-2023-5137
The Simply Excerpts WordPress plugin up to and including 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (fo...
Shooflysolutions Simply Excerpts
4.8
CVSSv3
CVE-2022-3833
The Fancier Author Box by ThematoSoup WordPress plugin up to and including 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...
Thematosoup Fancier Author Box
9.8
CVSSv3
CVE-2021-24493
The shopp_upload_file AJAX action of the Shopp WordPress plugin up to and including 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to uploa...
Ingenesis Shopp
5.4
CVSSv3
CVE-2021-24414
The Video Player for YouTube WordPress plugin prior to 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious ...
Video Player For Youtube Project Video Player For Youtube
NA
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb 1.3.7
Feedweb Feedweb 1.3.6
Feedweb Feedweb 1.3.5
Feedweb Feedweb 1.3.4
Feedweb Feedweb 1.5.11
Feedweb Feedweb 1.5.12
Feedweb Feedweb 1.5.1
Feedweb Feedweb 1.5.10
Feedweb Feedweb 1.7
Feedweb Feedweb 1.7.3
Feedweb Feedweb 1.7.2
Feedweb Feedweb 1.8.7
Feedweb Feedweb 1.3.14
Feedweb Feedweb 1.3.13
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.11
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.0.5
Feedweb Feedweb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »