Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

nicolas buzy-debat vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin up to and including 1.1.1 for WordPress allows remote malicious users to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path tra...
Siteeditor Site Editor
6.1
CVSSv3
CVE-2017-17719
A cross-site scripting (XSS) vulnerability in the wp-concours plugin up to and including 1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php.
Olyos Wp-concours
6.1
CVSSv3
CVE-2017-17744
A cross-site scripting (XSS) vulnerability in the custom-map plugin up to and including 1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.
Webdesi9 Custom Map
6.1
CVSSv3
CVE-2017-17753
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin up to and including 1.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to i...
Csv-import-export Project Csv-import-export
4.8
CVSSv3
CVE-2018-6194
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) prior to 2.1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the search parameter to wp-admin/...
Splashing Images Project Splashing Images
7.2
CVSSv3
CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) prior to 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote malicious users to conduct PHP Object Injection attacks via crafted serialized data in the &...
Splashing Images Project Splashing Images
6.1
CVSSv3
CVE-2017-15867
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin up to and including 1.5.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) br...
User-login-history Project User-login-history
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook