Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nicolas buzy-debat vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin up to and including 1.1.1 for WordPress allows remote malicious users to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path tra...
Siteeditor Site Editor
1 EDB exploit
4 Github repositories
6.1
CVSSv3
CVE-2017-17719
A cross-site scripting (XSS) vulnerability in the wp-concours plugin up to and including 1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php.
Olyos Wp-concours
6.1
CVSSv3
CVE-2017-17744
A cross-site scripting (XSS) vulnerability in the custom-map plugin up to and including 1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.
Webdesi9 Custom Map
6.1
CVSSv3
CVE-2017-17753
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin up to and including 1.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to i...
Csv-import-export Project Csv-import-export
4.8
CVSSv3
CVE-2018-6194
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) prior to 2.1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the search parameter to wp-admin/...
Splashing Images Project Splashing Images
7.2
CVSSv3
CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) prior to 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote malicious users to conduct PHP Object Injection attacks via crafted serialized data in the &...
Splashing Images Project Splashing Images
6.1
CVSSv3
CVE-2017-15867
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin up to and including 1.5.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) br...
User-login-history Project User-login-history
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started