Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3.1 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-29434
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions.
Fancythemes Optin Forms
4.8
CVSSv3
CVE-2021-24708
The Export any WordPress data to XML/CSV WordPress plugin prior to 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability...
Wp All Export Project Wp All Export
8.8
CVSSv3
CVE-2023-0234
The SiteGround Security WordPress plugin prior to 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.
Siteground Siteground Security
5.4
CVSSv3
CVE-2022-28612
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.
Custom Popup Builder Project Custom Popup Builder
4.3
CVSSv3
CVE-2022-3994
The Authenticator WordPress plugin prior to 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations.
Authenticator Project Authenticator
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 3.0.0
Sunnythemes Spiffy Calendar 2.1.3
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 1.1.2
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 3.0.3
Sunnythemes Spiffy Calendar 2.1.0
Sunnythemes Spiffy Calendar 2.0.1
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 2.0.0
Sunnythemes Spiffy Calendar 1.0.3
Sunnythemes Spiffy Calendar 1.0.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.0.1
6.1
CVSSv3
CVE-2021-24286
The settings page of the Redirect 404 to parent WordPress plugin prior to 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
Mooveagency Redirect 404 To Parent
8.8
CVSSv3
CVE-2020-36666
The directory-pro WordPress plugin prior to 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin prior to 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin prior to 1.0.9, real-estate-pro WordPress plugin prior to 1.7.1, insti...
E-plugins Wp Membership
E-plugins Fitness Trainer
E-plugins Hotel Directory
E-plugins Hospital \\& Doctor Directory
E-plugins Lawyer Directory
E-plugins Institutions Directory
E-plugins Real Estate Pro
E-plugins Final User
E-plugins Directory Pro
E-plugins Photographer-directory
E-plugins Producer-retailer -
6.5
CVSSv3
CVE-2022-1831
The WPlite WordPress plugin up to and including 1.3.1 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Wplite Project Wplite
6.1
CVSSv3
CVE-2018-10300
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin prior to 1.3.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio.
Web-dorado Wd Instagram Feed
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »