Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3.1 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-0065
The i2 Pros & Cons WordPress plugin up to and including 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored C...
I2 Pros \\& Cons Project I2 Pros \\& Cons
5.4
CVSSv3
CVE-2023-0541
The GS Books Showcase WordPress plugin prior to 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Sc...
Gsplugins Gs Books Showcase
NA
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats 1.6.0
Firestats Firestats 1.6.0-beta1
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.1.3
Firestats Firestats 1.2.1
Firestats Firestats 1.2.2
Firestats Firestats 1.6.0-beta2
Firestats Firestats 0.9.2-beta
Firestats Firestats 1.3.4
Firestats Firestats 1.3.5
Firestats Firestats 1.3.6
Firestats Firestats 1.5
Firestats Firestats 1.5.0-beta
Firestats Firestats 1.5.5
Firestats Firestats 1.5.7
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
NA
CVE-2012-4033
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin prior to 2.4.0 for WordPress have unknown impact and attack vectors.
Zingiri Zingiri Web Shop 2.3.4
Zingiri Zingiri Web Shop 2.3.3
Zingiri Zingiri Web Shop 2.2.1
Zingiri Zingiri Web Shop 2.2.0
Zingiri Zingiri Web Shop 2.0.2
Zingiri Zingiri Web Shop 2.0.1
Zingiri Zingiri Web Shop 1.6.1
Zingiri Zingiri Web Shop 1.6.0
Zingiri Zingiri Web Shop 1.5.3
Zingiri Zingiri Web Shop 1.5.2
Zingiri Zingiri Web Shop 1.4.3
Zingiri Zingiri Web Shop 1.4.2
Zingiri Zingiri Web Shop 1.3.3
Zingiri Zingiri Web Shop 1.3.2
Zingiri Zingiri Web Shop 1.2.6
Zingiri Zingiri Web Shop 1.2.5
Zingiri Zingiri Web Shop 1.0.4
Zingiri Zingiri Web Shop 1.0.3
Zingiri Zingiri Web Shop 2.3.2
Zingiri Zingiri Web Shop 2.3.1
Zingiri Zingiri Web Shop 2.1.3
Zingiri Zingiri Web Shop 2.1.2
4.3
CVSSv3
CVE-2021-24572
The Accept Donations with PayPal WordPress plugin prior to 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result...
Wpplugin Accept Donations With Paypal
6.5
CVSSv3
CVE-2020-36721
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/we...
Machothemes Naturemag Lite
Machothemes Antreas
Colorlib Bonkers
Cpothemes Affluent
Cpothemes Transcend
Machothemes Regina Lite
Cpothemes Brilliance
Machothemes Medzone Lite
Colorlib Pixova Lite
Colorlib Newspaper X
Cpothemes Allegiant
Colorlib Illdy
Colorlib Activello
Machothemes Newsmag
Colorlib Shapely
NA
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb 1.3.7
Feedweb Feedweb 1.3.6
Feedweb Feedweb 1.3.5
Feedweb Feedweb 1.3.4
Feedweb Feedweb 1.5.11
Feedweb Feedweb 1.5.12
Feedweb Feedweb 1.5.1
Feedweb Feedweb 1.5.10
Feedweb Feedweb 1.7
Feedweb Feedweb 1.7.3
Feedweb Feedweb 1.7.2
Feedweb Feedweb 1.8.7
Feedweb Feedweb 1.3.14
Feedweb Feedweb 1.3.13
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.11
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.0.5
Feedweb Feedweb
NA
CVE-2024-1697
The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for au...
5.5
CVSSv3
CVE-2024-2752
The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via order meta in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authe...
4.3
CVSSv3
CVE-2021-4402
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes ...
Multiple Roles Project Multiple Roles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »