Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2089
The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remote_content' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
NA
CVE-2015-10122
A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to ve...
Wp Donate Project Wp Donate
NA
CVE-2023-2561
The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level malicious users to modify galleries attached to...
Gallery-metabox Project Gallery-metabox
NA
CVE-2023-2562
The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level malicious users to obtain a list of images attached ...
Gallery-metabox Project Gallery-metabox
NA
CVE-2021-4403
The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated malicious users to modify the plug...
Websitescanner Remove Schema
NA
CVE-2023-2704
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated mali...
Vibethemes Bp Social Connect
NA
CVE-2023-0424
The MS-Reviews WordPress plugin up to and including 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks
Ms-reviews Project Ms-reviews
NA
CVE-2022-4750
The WP Responsive Testimonials Slider And Widget WordPress plugin up to and including 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and a...
Wp Responsive Testimonials Slider And Widget Project Wp Responsive Testimonials Slider And Widget
NA
CVE-2022-3891
The WP FullCalendar WordPress plugin prior to 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated malicious users to get the content of arbitrary posts, including draft/private as we...
Pixelite Wp Fullcalendar
NA
CVE-2021-25044
The Cryptocurrency Pricing list and Ticker WordPress plugin up to and including 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue
Premium-themes Cryptocurrency Pricing List And Ticker
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »