Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web-dorado vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8584
Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Web-dorado Web-dorado Spider Video Player 1.4.7
Web-dorado Web-dorado Spider Video Player 1.5.1
Web-dorado Web-dorado Spider Video Player 1.4.9
Web-dorado Web-dorado Spider Video Player 1.5
Web-dorado Web-dorado Spider Video Player 1.4.8
NA
CVE-2015-4351
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
Web-dorado Web-dorado Spider Video Player
NA
CVE-2015-4352
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote malicious users to hijack the authentication of administrators for requests that delete videos via unspecified vectors.
Web-dorado Web-dorado Spider Video Player -
8.8
CVSSv3
CVE-2023-46619
Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Web-dorado Wdsocialwidgets
6.1
CVSSv3
CVE-2023-45632
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions.
Web-dorado Spidervplayer
7.2
CVSSv3
CVE-2021-24625
The SpiderCatalog WordPress plugin up to and including 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category
Web-dorado Spidercatalog
6.1
CVSSv3
CVE-2023-46090
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Web-dorado Wdsocialwidgets
4.8
CVSSv3
CVE-2023-48320
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a up to and including 1.5.22.
Web-dorado Spidervplayer
NA
CVE-2015-4350
Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote malicious users to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.
Web-dorado Spider Catalog
6.5
CVSSv3
CVE-2023-5709
The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Web-dorado Wd Widgettwitter
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »