Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.4 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2021-24418
The Smooth Scroll Page Up/Down Buttons WordPress plugin up to and including 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog
Smooth Scroll Page Up\\/down Buttons Project Smooth Scroll Page Up\\/down Buttons
4.8
CVSSv3
CVE-2021-24331
The Smooth Scroll Page Up/Down Buttons WordPress plugin prior to 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client side. This could allow high privilege users (such as admin) to set XSS payloads i...
Smooth Scroll Page Up\\/down Buttons Project Smooth Scroll Page Up\\/down Buttons
4.3
CVSSv3
CVE-2022-1594
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack, allowing them to change the login URL
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
9.8
CVSSv3
CVE-2021-24493
The shopp_upload_file AJAX action of the Shopp WordPress plugin up to and including 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to uploa...
Ingenesis Shopp
4.8
CVSSv3
CVE-2022-3833
The Fancier Author Box by ThematoSoup WordPress plugin up to and including 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...
Thematosoup Fancier Author Box
4.8
CVSSv3
CVE-2023-5137
The Simply Excerpts WordPress plugin up to and including 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (fo...
Shooflysolutions Simply Excerpts
5.4
CVSSv3
CVE-2021-24414
The Video Player for YouTube WordPress plugin prior to 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious ...
Video Player For Youtube Project Video Player For Youtube
NA
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb 1.3.7
Feedweb Feedweb 1.3.6
Feedweb Feedweb 1.3.5
Feedweb Feedweb 1.3.4
Feedweb Feedweb 1.5.11
Feedweb Feedweb 1.5.12
Feedweb Feedweb 1.5.1
Feedweb Feedweb 1.5.10
Feedweb Feedweb 1.7
Feedweb Feedweb 1.7.3
Feedweb Feedweb 1.7.2
Feedweb Feedweb 1.8.7
Feedweb Feedweb 1.3.14
Feedweb Feedweb 1.3.13
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.11
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.0.5
Feedweb Feedweb
5.4
CVSSv3
CVE-2022-4460
The Sidebar Widgets by CodeLights WordPress plugin up to and including 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting att...
Codelights-shortcodes-and-widgets Project Codelights-shortcodes-and-widgets
4.6
CVSSv3
CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated malicious users to inject arbitrary web scripts into the plugin ...
Xootix Login\\/signup Popup
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »