Vulmon
validated plugin project validated plugin vulnerabilities and exploits
383
VMScore
CVE-2014-4564
Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the slug parameter.
Validated Plugin Project Validated Plugin
855
VMScore
CVE-2013-1916
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not yet been approved.
User Photo Project User Photo 0.9.4
1 EDB exploit
578
VMScore
CVE-2021-24391
An editid GET parameter of the Cashtomer WordPress plugin up to and including 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Cashtomer Project Cashtomer
578
VMScore
CVE-2021-24393
A c GET parameter of the Comment Highlighter WordPress plugin up to and including 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Comment Highlighter Project Comment Highlighter
578
VMScore
CVE-2021-24390
A proid GET parameter of the WordPress???Alipay|???Tenpay|??PayPal???? WordPress plugin up to and including 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.
Alipay Project Alipay
578
VMScore
CVE-2021-24394
An id GET parameter of the Easy Testimonial Manager WordPress plugin up to and including 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Easy Testimonial Manager Project Easy Testimonial Manager
578
VMScore
CVE-2021-24403
The Orders functionality in the WordPress Page Contact plugin up to and including 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as cont...
Wpagecontact Project Wpagecontact
578
VMScore
CVE-2021-24400
The Edit Role functionality in the Display Users WordPress plugin up to and including 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Wp-display-users Project Wp-display-users
578
VMScore
CVE-2021-24401
The Edit domain functionality in the WP Domain Redirect WordPress plugin up to and including 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Wp-domain-redirect Project Wp-domain-redirect
445
VMScore
CVE-2022-0214
The Custom Popup Builder WordPress plugin prior to 1.3.1 autoloads data from its popup on every page. Because such data can be sent by unauthenticated users and is not validated in length, this could cause a denial of service on the blog.
Custom Popup Builder Project Custom Popup Builder