wordpress wordpress 4.5.3 vulnerabilities and exploits
384
VMScore
CVE-2016-5834
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress prior to 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016...
Wordpress Wordpress
605
VMScore
CVE-2013-2703
Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin prior to 5.0.5 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that modify this plugin's settings.
Crunchify Facebook Members 5.0
Crunchify Facebook Members 4.7
Crunchify Facebook Members 4.6.1
Crunchify Facebook Members 4.6
Crunchify Facebook Members 4.5.3
Crunchify Facebook Members
Crunchify Facebook Members 5.0.2
Crunchify Facebook Members 5.0.3
Crunchify Facebook Members 5.0.1
NA
CVE-2023-0876
The WP Meta SEO WordPress plugin prior to 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.
Joomunited Wp Meta Seo
NA
CVE-2023-0875
The WP Meta SEO WordPress plugin prior to 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.
Joomunited Wp Meta Seo
578
VMScore
CVE-2021-24631
The Unlimited PopUps WordPress plugin up to and including 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection.
Unlimited Popups Project Unlimited Popups
NA
CVE-2023-1780
The Companion Sitemap Generator WordPress plugin prior to 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Codeermeneer Companion Sitemap Generator
578
VMScore
CVE-2020-35945
An issue exists in the Divi Builder plugin, Divi theme, and Divi Extra theme prior to 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is...
Elegant Themes Divi
Elegant Themes Divi Builder
Elegant Themes Divi Extra
NA
CVE-2023-1028
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated malicious users to update plugin op...
Joomunited Wp Meta Seo
NA
CVE-2023-1029
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated malicious users to regener...
Joomunited Wp Meta Seo
NA
CVE-2023-6561
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at...
Fifu Featured Image From Url