Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.1.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1658
The Grid Shortcodes WordPress plugin prior to 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scri...
NA
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts
Ajaydsouza Contextual Related Posts 1.8.10
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.7.1
8.1
CVSSv3
CVE-2021-39333
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the conten...
Hashthemes Hashthemes Demo Importer
NA
CVE-2024-1778
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthentica...
NA
CVE-2009-2144
SQL injection vulnerability in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Edgewall Firestats 0.9.0-beta
Edgewall Firestats 0.9.2-beta
Edgewall Firestats 0.9.4-beta
Edgewall Firestats 0.9.3-beta
Edgewall Firestats 1.1.3
Edgewall Firestats 1.1.4
Edgewall Firestats 1.1.5
Edgewall Firestats 1.1.6
Edgewall Firestats 1.3.0-beta
Edgewall Firestats 1.4.4
Edgewall Firestats 1.4.3
Edgewall Firestats 1.4
Edgewall Firestats 1.5.12
Edgewall Firestats 1.5
Edgewall Firestats 1.6.0-beta1
Edgewall Firestats 1.6.0-beta2
Edgewall Firestats 1.6
Firestats Firestats 1.6.0
Edgewall Firestats 0.9.1-beta
Edgewall Firestats 0.9.5-beta
Edgewall Firestats 0.9.7-beta
Edgewall Firestats 0.9.9
5.4
CVSSv3
CVE-2023-0068
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin up to and including 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role an...
Product Gtin \\(ean\\, Upc\\, Isbn\\) For Woocommerce Project Product Gtin \\(ean\\, Upc\\, Isbn\\) For Woocommerce
NA
CVE-2024-1779
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticate...
NA
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats 1.6.0
Firestats Firestats 1.6.0-beta1
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.1.3
Firestats Firestats 1.2.1
Firestats Firestats 1.2.2
Firestats Firestats 1.6.0-beta2
Firestats Firestats 0.9.2-beta
Firestats Firestats 1.3.4
Firestats Firestats 1.3.5
Firestats Firestats 1.3.6
Firestats Firestats 1.5
Firestats Firestats 1.5.0-beta
Firestats Firestats 1.5.5
Firestats Firestats 1.5.7
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
NA
CVE-2012-4033
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin prior to 2.4.0 for WordPress have unknown impact and attack vectors.
Zingiri Zingiri Web Shop 2.3.4
Zingiri Zingiri Web Shop 2.3.3
Zingiri Zingiri Web Shop 2.2.1
Zingiri Zingiri Web Shop 2.2.0
Zingiri Zingiri Web Shop 2.0.2
Zingiri Zingiri Web Shop 2.0.1
Zingiri Zingiri Web Shop 1.6.1
Zingiri Zingiri Web Shop 1.6.0
Zingiri Zingiri Web Shop 1.5.3
Zingiri Zingiri Web Shop 1.5.2
Zingiri Zingiri Web Shop 1.4.3
Zingiri Zingiri Web Shop 1.4.2
Zingiri Zingiri Web Shop 1.3.3
Zingiri Zingiri Web Shop 1.3.2
Zingiri Zingiri Web Shop 1.2.6
Zingiri Zingiri Web Shop 1.2.5
Zingiri Zingiri Web Shop 1.0.4
Zingiri Zingiri Web Shop 1.0.3
Zingiri Zingiri Web Shop 2.3.2
Zingiri Zingiri Web Shop 2.3.1
Zingiri Zingiri Web Shop 2.1.3
Zingiri Zingiri Web Shop 2.1.2
8.8
CVSSv3
CVE-2023-2545
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, w...
Featherplugins Feather Login Page
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »