Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5.2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-4855
Cross-site scripting (XSS) vulnerability in the Polylang plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.
Polylang Plugin Project Polylang
Polylang Plugin Project Polylang 1.5
6.8
CVSSv2
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin prior to 1.8.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.8
Ajaydsouza Contextual Related Posts 1.6.3
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.7.1
Ajaydsouza Contextual Related Posts 1.7
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.2
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.8.2
Ajaydsouza Contextual Related Posts 1.6.5
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.1.1
6.5
CVSSv2
CVE-2014-2558
The File Gallery plugin prior to 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
Skyphe File-gallery 1.7.2
Skyphe File-gallery 1.7.1
Skyphe File-gallery 1.7
Skyphe File-gallery 1.6.5.5
Skyphe File-gallery 1.6.6
Skyphe File-gallery 1.6.5.4
Skyphe File-gallery 1.6.5.3
Skyphe File-gallery 1.5.7
Skyphe File-gallery 1.5.6
Skyphe File-gallery 1.5.5
Skyphe File-gallery 1.5.4
Skyphe File-gallery 1.7.5.3
Skyphe File-gallery 1.7.5.1
Skyphe File-gallery 1.7.5
Skyphe File-gallery 1.6.3
Skyphe File-gallery 1.6.2
Skyphe File-gallery 1.6.0.1
Skyphe File-gallery 1.6
Skyphe File-gallery 1.5
Skyphe File-gallery
Skyphe File-gallery 1.7.7
Skyphe File-gallery 1.7.4.1
4.3
CVSSv2
CVE-2021-24764
The Perfect Survey WordPress plugin prior to 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Ref...
Getperfectsurvey Perfect Survey
4.3
CVSSv2
CVE-2021-24765
The Perfect Survey WordPress plugin up to and including 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue
Getperfectsurvey Perfect Survey
10
CVSSv2
CVE-2021-24215
An Improper Access Control vulnerability exists in the Controlled Admin Access WordPress plugin prior to 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a comple...
Wpruby Controlled Admin Access
7.5
CVSSv2
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts
Ajaydsouza Contextual Related Posts 1.8.10
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.7.1
4.3
CVSSv2
CVE-2011-5128
Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin prior to 1.7.22 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3...
Bueltge Adminimize
Bueltge Adminimize 0.6.9
Bueltge Adminimize 0.7
Bueltge Adminimize 0.7.1
Bueltge Adminimize 0.7.2
Bueltge Adminimize 0.7.3
Bueltge Adminimize 0.7.5
Bueltge Adminimize 0.7.6
Bueltge Adminimize 0.7.7
Bueltge Adminimize 0.7.8
Bueltge Adminimize 0.7.9
Bueltge Adminimize 0.8
Bueltge Adminimize 0.8.1
Bueltge Adminimize 1.0
Bueltge Adminimize 1.1
Bueltge Adminimize 1.2
Bueltge Adminimize 1.3
Bueltge Adminimize 1.4
Bueltge Adminimize 1.4.1
Bueltge Adminimize 1.4.2
Bueltge Adminimize 1.4.3-6
Bueltge Adminimize 1.4.7
7.5
CVSSv2
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats 1.6.0
Firestats Firestats 1.6.0-beta1
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.1.3
Firestats Firestats 1.2.1
Firestats Firestats 1.2.2
Firestats Firestats 1.6.0-beta2
Firestats Firestats 0.9.2-beta
Firestats Firestats 1.3.4
Firestats Firestats 1.3.5
Firestats Firestats 1.3.6
Firestats Firestats 1.5
Firestats Firestats 1.5.0-beta
Firestats Firestats 1.5.5
Firestats Firestats 1.5.7
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
7.5
CVSSv2
CVE-2009-2144
SQL injection vulnerability in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Edgewall Firestats 0.9.0-beta
Edgewall Firestats 0.9.2-beta
Edgewall Firestats 0.9.4-beta
Edgewall Firestats 0.9.3-beta
Edgewall Firestats 1.1.3
Edgewall Firestats 1.1.4
Edgewall Firestats 1.1.5
Edgewall Firestats 1.1.6
Edgewall Firestats 1.3.0-beta
Edgewall Firestats 1.4.4
Edgewall Firestats 1.4.3
Edgewall Firestats 1.4
Edgewall Firestats 1.5.12
Edgewall Firestats 1.5
Edgewall Firestats 1.6.0-beta1
Edgewall Firestats 1.6.0-beta2
Edgewall Firestats 1.6
Firestats Firestats 1.6.0
Edgewall Firestats 0.9.1-beta
Edgewall Firestats 0.9.5-beta
Edgewall Firestats 0.9.7-beta
Edgewall Firestats 0.9.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »