Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web-dorado vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8584
Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Web-dorado Web-dorado Spider Video Player 1.4.7
Web-dorado Web-dorado Spider Video Player 1.5.1
Web-dorado Web-dorado Spider Video Player 1.4.9
Web-dorado Web-dorado Spider Video Player 1.5
Web-dorado Web-dorado Spider Video Player 1.4.8
NA
CVE-2015-4351
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
Web-dorado Web-dorado Spider Video Player
NA
CVE-2015-4352
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote malicious users to hijack the authentication of administrators for requests that delete videos via unspecified vectors.
Web-dorado Web-dorado Spider Video Player -
4.8
CVSSv3
CVE-2023-48320
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a up to and including 1.5.22.
Web-dorado Spidervplayer
6.1
CVSSv3
CVE-2023-45632
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions.
Web-dorado Spidervplayer
6.1
CVSSv3
CVE-2023-46090
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Web-dorado Wdsocialwidgets
8.8
CVSSv3
CVE-2023-46619
Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Web-dorado Wdsocialwidgets
7.2
CVSSv3
CVE-2021-24625
The SpiderCatalog WordPress plugin up to and including 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category
Web-dorado Spidercatalog
6.5
CVSSv3
CVE-2023-5709
The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Web-dorado Wd Widgettwitter
7.8
CVSSv3
CVE-2018-10504
The WebDorado "Form Maker by WD" plugin prior to 1.12.24 for WordPress allows CSV injection.
Web-dorado Form Maker
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »