Vulmon
wordpress wordpress 1.3 vulnerabilities and exploits
4.3
CVSSv3
CVE-2022-1956
The Shortcut Macros WordPress plugin up to and including 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated user, such as a subscriber, to update them.
Shortcut Macros Project Shortcut Macros
4.8
CVSSv3
CVE-2023-0422
The Article Directory WordPress plugin up to and including 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.
Article Directory Project Article Directory
NA
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts
Ajaydsouza Contextual Related Posts 1.8.10
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.7.1
6.1
CVSSv3
CVE-2022-2311
The Find and Replace All WordPress plugin prior to 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.
Find And Replace All Project Find And Replace All
6.5
CVSSv3
CVE-2020-36505
The Delete All Comments Easily WordPress plugin up to and including 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged-in admin delete all comments from the blog.
Delete All Comments Easily Project Delete All Comments Easily
4.8
CVSSv3
CVE-2017-16758
Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin prior to 1.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the "access_token" parameter.
Ultimate Instagram Feed Project Ultimate Instagram Feed
4.3
CVSSv3
CVE-2022-3850
The Find and Replace All WordPress plugin prior to 1.3 does not have a CSRF check when replacing strings, which could allow malicious users to make a logged-in admin replace arbitrary strings in database tables via a CSRF attack.
Find And Replace All Project Find And Replace All
4.8
CVSSv3
CVE-2022-2093
The WP Duplicate Page WordPress plugin prior to 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Ninjateam Wp Duplicate Page
8.8
CVSSv3
CVE-2019-25150
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for malicious users to present phishing forms or conduct cross-site request forgery attacks against site administrators.
Wpexperts Email Templates
7.2
CVSSv3
CVE-2021-24777
The view submission functionality in the Hotscot Contact Form WordPress plugin prior to 1.3 makes a GET request with the sub_id parameter, which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to an SQL injection.
Hotscot Contact Form