wordpress wordpress 1.6 vulnerabilities and exploits
8.8
CVSSv3
CVE-2015-9496
The freshmail-newsletter plugin prior to 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
Freshmail Freshmail-newsletter
6.5
CVSSv3
CVE-2021-25121
The Rating by BestWebSoft WordPress plugin prior to 1.6 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service on the post/page when a user submits such a rating.
Bestwebsoft Rating
6.5
CVSSv3
CVE-2021-24820
The Cost Calculator WordPress plugin up to and including 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout
Bold-themes Cost Calculator
6.5
CVSSv3
CVE-2021-3133
The Elementor Contact Form DB plugin prior to 1.6 for WordPress allows CSRF via backend admin pages.
Sean-barton Elementor Contact Form Db
6.5
CVSSv3
CVE-2019-9568
The "Forminator Contact Form, Poll & Quiz Builder" plugin prior to 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.
Incsub Forminator
6.1
CVSSv3
CVE-2022-2181
The Advanced WordPress Reset WordPress plugin prior to 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
Sigmaplugin Advanced Wordpress Reset
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
150 Github repositories
6.1
CVSSv3
CVE-2019-9567
The "Forminator Contact Form, Poll & Quiz Builder" plugin prior to 1.6 for WordPress has XSS via a custom input field of a poll.
Incsub Forminator
6.1
CVSSv3
CVE-2017-18011
The MyCBGenie Affiliate Ads for Clickbank Products plugin up to and including 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.
Clickbank Affiliate Ads For Clickbank Products
6.1
CVSSv3
CVE-2017-9336
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.
Wp Editor.md Project Wp Editor.md 1.6