Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3481
The Counter Box WordPress plugin prior to 1.2.4 does not have CSRF checks in some bulk actions, which could allow malicious users to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks
4.3
CVSSv3
CVE-2021-24207
By default, the WP Page Builder WordPress plugin prior to 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.
Themeum Wp Page Builder
7.2
CVSSv3
CVE-2021-25068
The Sync WooCommerce Product feed to Google Shopping WordPress plugin up to and including 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard
Dpl Sync Woocommerce Product Feed To Google Shopping
6.1
CVSSv3
CVE-2021-24237
The Realteo WordPress plugin prior to 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting ...
Purethemes Findeo
Purethemes Realteo
5.4
CVSSv3
CVE-2021-24729
The Logo Showcase with Slick Slider WordPress plugin prior to 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.
Infornweb Logo Showcase With Slick Slider
6.5
CVSSv3
CVE-2021-24238
The Realteo WordPress plugin prior to 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.
Purethemes Findeo
Purethemes Realteo
4.8
CVSSv3
CVE-2023-2527
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin prior to 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Crmperks Integration For Contact Form 7 And Zoho Crm\\, Bigin
5.3
CVSSv3
CVE-2023-6638
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated malicious us...
Gutengeek Gg Woo Feed
5.5
CVSSv3
CVE-2021-24445
The My Site Audit WordPress plugin up to and including 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfiltered_html capability is disallowed, leading to an authenticat...
Draftpress My Site Audit
NA
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats 1.6.0
Firestats Firestats 1.6.0-beta1
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.1.3
Firestats Firestats 1.2.1
Firestats Firestats 1.2.2
Firestats Firestats 1.6.0-beta2
Firestats Firestats 0.9.2-beta
Firestats Firestats 1.3.4
Firestats Firestats 1.3.5
Firestats Firestats 1.3.6
Firestats Firestats 1.5
Firestats Firestats 1.5.0-beta
Firestats Firestats 1.5.5
Firestats Firestats 1.5.7
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »