Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3.2 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2014-4944
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
Bannersky Bsk Pdf Manager 1.3.2
1 EDB exploit
7.5
CVSSv2
CVE-2013-7187
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and previous versions for WordPress allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Ncrafts Formcraft 1.3.5
Ncrafts Formcraft 1.3.3
Ncrafts Formcraft 1.3
Ncrafts Formcraft 1.2
Ncrafts Formcraft
Ncrafts Formcraft 1.2.1
Ncrafts Formcraft 1.3.6
Ncrafts Formcraft 1.3.4
Ncrafts Formcraft 1.1
Ncrafts Formcraft 1.3.1
Ncrafts Formcraft 1.3.2
1 EDB exploit
6.5
CVSSv2
CVE-2015-9474
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
Simpolio Project Simpolio 1.3.2
5
CVSSv2
CVE-2019-14936
Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).
Easyappointments Easy!appointments 1.3.2
4.3
CVSSv2
CVE-2021-24563
The Frontend Uploader WordPress plugin up to and including 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file dir...
Frontend Uploader Project Frontend Uploader
1 Github repository
7.5
CVSSv2
CVE-2017-1002023
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php
Daisythemes Easy Team Manager 1.3.2
4.3
CVSSv2
CVE-2008-1502
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare prior to 1.4.003, Moodle prior to 1.8.5, and other products, allows remote malicious users to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string contai...
Egroupware Egroupware 1.0
Moodle Moodle 1.5.2
Moodle Moodle 1.6.1
Moodle Moodle 1.8.2
Egroupware Egroupware
Moodle Moodle 1.2.1
Moodle Moodle 1.4.2
Moodle Moodle 1.6.5
Moodle Moodle 1.3.3
Moodle Moodle 1.4.3
Egroupware Egroupware 1.0.6
Moodle Moodle 1.4.5
Moodle Moodle 1.7.6
Moodle Moodle 1.6.2
Moodle Moodle 1.7.1
Moodle Moodle
Egroupware Egroupware 1.2.106-2
Moodle Moodle 1.8.3
Moodle Moodle 1.3.2
Egroupware Egroupware 1.0.3
Moodle Moodle 1.6.4
Moodle Moodle 1.1.1
6.8
CVSSv2
CVE-2013-3476
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin prior to 2.6.2 for WordPress allows remote malicious users to hijack the authentication of users for requests that change settings via unspecified vectors.
Zemanta Related Posts 2.5.1
Zemanta Related Posts 1.3
Zemanta Related Posts 2.3
Zemanta Related Posts 1.3.2
Zemanta Related Posts 1.3.1
Zemanta Related Posts 1.5
Zemanta Related Posts 1.1
Zemanta Related Posts 1.0
Zemanta Related Posts 1.8
Zemanta Related Posts
Zemanta Related Posts 1.8.1
Zemanta Related Posts 2.4.1
Zemanta Related Posts 1.6
Zemanta Related Posts 1.7
Zemanta Related Posts 1.2
Zemanta Related Posts 1.3.3
Zemanta Related Posts 1.4
4.3
CVSSv2
CVE-2010-1186
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the mode parameter.
Alex Rabe Nextgen Gallery
Alex Rabe Nextgen Gallery 0.33
Alex Rabe Nextgen Gallery 0.34
Alex Rabe Nextgen Gallery 0.35
Alex Rabe Nextgen Gallery 0.36
Alex Rabe Nextgen Gallery 0.37
Alex Rabe Nextgen Gallery 0.39
Alex Rabe Nextgen Gallery 0.40
Alex Rabe Nextgen Gallery 0.41
Alex Rabe Nextgen Gallery 0.42
Alex Rabe Nextgen Gallery 0.43
Alex Rabe Nextgen Gallery 0.50
Alex Rabe Nextgen Gallery 0.51
Alex Rabe Nextgen Gallery 0.52
Alex Rabe Nextgen Gallery 0.60
Alex Rabe Nextgen Gallery 0.61
Alex Rabe Nextgen Gallery 0.62
Alex Rabe Nextgen Gallery 0.63
Alex Rabe Nextgen Gallery 0.64
Alex Rabe Nextgen Gallery 0.70
Alex Rabe Nextgen Gallery 0.71
Alex Rabe Nextgen Gallery 0.72
1 EDB exploit
4.3
CVSSv2
CVE-2014-6445
Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 up to and including 1.3.10 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.
Contactus Contact Form 7 Integrations 1.3.7
Contactus Contact Form 7 Integrations 1.3.5
Contactus Contact Form 7 Integrations 1.3.9
Contactus Contact Form 7 Integrations 1.3.4
Contactus Contact Form 7 Integrations 1.3
Contactus Contact Form 7 Integrations 1.3.8
Contactus Contact Form 7 Integrations 1.3.3
Contactus Contact Form 7 Integrations 1.3.2
Contactus Contact Form 7 Integrations 1.3.10
Contactus Contact Form 7 Integrations 1.3.1
Contactus Contact Form 7 Integrations 1.3.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »