Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
custom pages plugin vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2017-18586
The insert-pages plugin prior to 3.2.4 for WordPress has directory traversal via custom template paths.
Insert Pages Project Insert Pages
5.4
CVSSv3
CVE-2021-24850
The Insert Pages WordPress plugin prior to 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom ...
Insert Pages Project Insert Pages
7.5
CVSSv3
CVE-2022-0214
The Custom Popup Builder WordPress plugin prior to 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog
Custom Popup Builder Project Custom Popup Builder
5.4
CVSSv3
CVE-2018-11580
An issue exists in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against...
Multidots Mass Pages\\/posts Creator 1.2.2
6.1
CVSSv3
CVE-2021-34654
The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.
Custom Post Type Relations Project Custom Post Type Relations
NA
CVE-2008-6198
SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Mybboard Custom Pages Plugin 1.0
1 EDB exploit
5.4
CVSSv3
CVE-2022-46686
Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and previous versions does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers ...
Jenkins Custom Build Properties
NA
CVE-2011-1669
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote malicious users to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
Mikoviny Wp Custom Pages 0.5.0.1
1 EDB exploit
5.4
CVSSv3
CVE-2023-6701
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...
Advancedcustomfields Advanced Custom Fields
5.4
CVSSv3
CVE-2023-5205
The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Anilankola Add Custom Body Class
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »