wordpress wordpress 1.1.1 vulnerabilities and exploits
NA
CVE-2024-4856
The FS Product Inquiry WordPress plugin up to and including 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users
578
VMScore
CVE-2021-24402
The Orders functionality in the WP iCommerce WordPress plugin up to and including 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as ...
Solvercircle Wp Icommerce
312
VMScore
CVE-2021-24301
The Hotjar Connecticator WordPress plugin up to and including 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exp...
Bluemedicinelabs Hotjar Connecticator
668
VMScore
CVE-2009-2144
SQL injection vulnerability in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Edgewall Firestats
Edgewall Firestats 0.9.0-beta
Edgewall Firestats 0.9.1-beta
Edgewall Firestats 0.9.2-beta
Edgewall Firestats 0.9.3-beta
Edgewall Firestats 0.9.4-beta
Edgewall Firestats 0.9.5-beta
Edgewall Firestats 0.9.6-beta
Edgewall Firestats 0.9.7-beta
Edgewall Firestats 0.9.8-beta
Edgewall Firestats 0.9.9
Edgewall Firestats 1.0
Edgewall Firestats 1.0.0
Edgewall Firestats 1.0.1
Edgewall Firestats 1.0.2
Edgewall Firestats 1.1.1
Edgewall Firestats 1.1.2
Edgewall Firestats 1.1.3
Edgewall Firestats 1.1.4
Edgewall Firestats 1.1.5
Edgewall Firestats 1.1.6
Edgewall Firestats 1.1.7
NA
CVE-2024-1658
The Grid Shortcodes WordPress plugin prior to 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scri...
668
VMScore
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.2-beta
Firestats Firestats 0.9.3-beta
Firestats Firestats 0.9.4-beta
Firestats Firestats 0.9.5-beta
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.0
Firestats Firestats 1.0.0
Firestats Firestats 1.0.1
Firestats Firestats 1.0.2
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
Firestats Firestats 1.1.3
Firestats Firestats 1.1.4
Firestats Firestats 1.1.5
Firestats Firestats 1.1.6
Firestats Firestats 1.1.7
490
VMScore
CVE-2021-39333
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the conten...
Hashthemes Hashthemes Demo Importer
NA
CVE-2024-1778
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthentica...
NA
CVE-2023-0068
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin up to and including 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role an...
Product Gtin (ean, Upc, Isbn) For Woocommerce Project Product Gtin (ean, Upc, Isbn) For Woocommerce
NA
CVE-2024-1779
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticate...