Vulmon
wordpress wordpress 1.0.1 vulnerabilities and exploits
NA
CVE-2024-4474
The WP Logs Book WordPress plugin up to and including 1.0.1 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack
NA
CVE-2024-4475
The WP Logs Book WordPress plugin up to and including 1.0.1 does not have a CSRF check when clearing logs, which could allow malicious users to make a logged-in admin clear the logs via a CSRF attack
NA
CVE-2024-4477
The WP Logs Book WordPress plugin up to and including 1.0.1 does not sanitise and escape some of its log data before outputting it back in an admin dashboard, leading to unauthenticated Stored Cross-Site Scripting
NA
CVE-2024-3071
The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level ...
NA
CVE-2024-3058
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow malicious users to make a logged-in admin add Stored XSS payloads via a CSRF attack
NA
CVE-2024-3059
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not have CSRF checks in some places, which could allow malicious users to make logged-in admins delete arbitrary Campaigns via a CSRF attack
NA
CVE-2024-3060
The ENL Newsletter WordPress plugin up to and including 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks
NA
CVE-2023-6067
The WP User Profile Avatar WordPress plugin up to and including 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stor...
4.3
CVSSv3
CVE-2023-6384
The WP User Profile Avatar WordPress plugin prior to 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatars
Wp-eventmanager User Profile Avatar
9.8
CVSSv3
CVE-2023-51700
Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Before 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifi...
Jamieblomerus Unofficial Mobile Bankid Integration