Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 0.7 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-24559
The Qyrr WordPress plugin prior to 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the data_uri_to_meta AJAX action, available to all authenticated users, only had a CSRF check in place...
Patrickposner Qyrr
383
VMScore
CVE-2022-1846
The Tiny Contact Form WordPress plugin up to and including 0.7 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Tiny Contact Form Project Tiny Contact Form
445
VMScore
CVE-2015-9464
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
S3bubble S3bubble-amazon-s3-html-5-video-with-adverts 0.7
383
VMScore
CVE-2016-10969
The supportflow plugin prior to 0.7 for WordPress has XSS via a discussion ticket title.
Supportflow Project Supportflow
383
VMScore
CVE-2016-10970
The supportflow plugin prior to 0.7 for WordPress has XSS via a ticket excerpt.
Supportflow Project Supportflow
668
VMScore
CVE-2017-1002016
Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.
Flickr Picture Backup Project Flickr Picture Backup 0.7
445
VMScore
CVE-2015-1000006
Remote file download vulnerability in recent-backups v0.7 wordpress plugin
Recent-backups Project Recent-backups 0.7
605
VMScore
CVE-2014-9401
Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa...
Wp Limit Posts Automatically Project Wp Limit Posts Automatically
605
VMScore
CVE-2014-9393
Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) id...
Post To Twitter Project Post To Twitter
668
VMScore
CVE-2003-1598
SQL injection vulnerability in log.header.php in WordPress 0.7 and previous versions allows remote malicious users to execute arbitrary SQL commands via the posts variable.
Wordpress Wordpress
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »