Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5178
Cross-site request forgery (CSRF) vulnerability in the Welcart plugin prior to 1.2.2 for WordPress allows remote malicious users to hijack the authentication of arbitrary users for requests that complete a purchase.
Welcart Welcart Plugin
Welcart Welcart Plugin 0.9.1
Welcart Welcart Plugin 0.5
7.2
CVSSv3
CVE-2021-24497
The Giveaway WordPress plugin up to and including 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.
Satollo Giveaway
5.4
CVSSv3
CVE-2023-0282
The YourChannel WordPress plugin prior to 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.
Plugin Yourchannel
5.4
CVSSv3
CVE-2023-4798
The User Avatar WordPress plugin prior to 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.
Wpexperts User Avatar-reloaded
7.5
CVSSv3
CVE-2019-20209
The CTHthemes CityBook prior to 2.3.4, TownHub prior to 1.0.6, and EasyBook prior to 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
Cththemes Citybook
Cththemes Easybook
Cththemes Townhub
8.8
CVSSv3
CVE-2020-36666
The directory-pro WordPress plugin prior to 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin prior to 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin prior to 1.0.9, real-estate-pro WordPress plugin prior to 1.7.1, insti...
E-plugins Wp Membership
E-plugins Fitness Trainer
E-plugins Hotel Directory
E-plugins Hospital \\& Doctor Directory
E-plugins Lawyer Directory
E-plugins Institutions Directory
E-plugins Real Estate Pro
E-plugins Final User
E-plugins Directory Pro
E-plugins Photographer-directory
E-plugins Producer-retailer -
NA
CVE-2024-3590
The LetterPress WordPress plugin up to and including 1.2.2 does not have CSRF checks in some places, which could allow malicious users to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers
5.4
CVSSv3
CVE-2022-4789
The WPZOOM Portfolio WordPress plugin prior to 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Wpzoom Wpzoom Portfolio
4.8
CVSSv3
CVE-2022-1644
The Call&Book Mobile Bar WordPress plugin up to and including 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Call\\&book Mobile Bar Project Call\\&book Mobile Bar
6.5
CVSSv3
CVE-2023-47191
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Members...
Kainelabs Youzify
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »