Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.4 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-10122
A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to ve...
Wp Donate Project Wp Donate
9.8
CVSSv3
CVE-2021-24493
The shopp_upload_file AJAX action of the Shopp WordPress plugin up to and including 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to uploa...
Ingenesis Shopp
9.8
CVSSv3
CVE-2012-4919
Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability
Gallery Project Gallery 1.4
9.8
CVSSv3
CVE-2016-10955
The cysteme-finder plugin prior to 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.
Cysteme Cysteme-finder
9.8
CVSSv3
CVE-2015-3313
SQL injection vulnerability in WordPress Community Events plugin prior to 1.4.
Community Events Project Community Events
1 EDB exploit
9.8
CVSSv3
CVE-2015-1000003
Blind SQL Injection in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
8.8
CVSSv3
CVE-2023-6390
The WordPress Users WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack.
Jonathonkemp Wordpress Users
8.8
CVSSv3
CVE-2022-2233
The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenti...
Banner Cycler Project Banner Cycler
8.8
CVSSv3
CVE-2022-2001
The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page() function found in the ~/dx-share-selection.php file. This makes it possible for unauthent...
Devrix Dx Share Selection
8.8
CVSSv3
CVE-2013-2109
WordPress plugin wp-cleanfix has Remote Code Execution
Undolog Wp Cleanfix 1.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »