Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.3.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-10300
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin prior to 1.3.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio.
Web-dorado Wd Instagram Feed
NA
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.3
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.6.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.1.1
Ajaydsouza Contextual Related Posts 1.2.2
Ajaydsouza Contextual Related Posts 1.1
Ajaydsouza Contextual Related Posts 1.8.9
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.8.7
Ajaydsouza Contextual Related Posts 1.6.3
4.8
CVSSv3
CVE-2022-1542
The HPB Dashboard WordPress plugin up to and including 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Justsystems Hpb Dashboard
6.1
CVSSv3
CVE-2018-10301
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin prior to 1.3.1 Premium for WordPress allows remote malicious users to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post.
Web-dorado Wd Instagram Feed
4.3
CVSSv3
CVE-2022-1845
The WP Post Styling WordPress plugin prior to 1.3.1 does not have CSRF checks in various actions, which could allow malicious users to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks
Wp Post Styling Project Wp Post Styling
7.5
CVSSv3
CVE-2022-0214
The Custom Popup Builder WordPress plugin prior to 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog
Custom Popup Builder Project Custom Popup Builder
NA
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.2-beta
Firestats Firestats 0.9.3-beta
Firestats Firestats 0.9.4-beta
Firestats Firestats 0.9.5-beta
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.0
Firestats Firestats 1.0.0
Firestats Firestats 1.0.1
Firestats Firestats 1.0.2
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
Firestats Firestats 1.1.3
Firestats Firestats 1.1.4
Firestats Firestats 1.1.5
Firestats Firestats 1.1.6
Firestats Firestats 1.1.7
NA
CVE-2009-2144
SQL injection vulnerability in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Edgewall Firestats
Edgewall Firestats 0.9.0-beta
Edgewall Firestats 0.9.1-beta
Edgewall Firestats 0.9.2-beta
Edgewall Firestats 0.9.3-beta
Edgewall Firestats 0.9.4-beta
Edgewall Firestats 0.9.5-beta
Edgewall Firestats 0.9.6-beta
Edgewall Firestats 0.9.7-beta
Edgewall Firestats 0.9.8-beta
Edgewall Firestats 0.9.9
Edgewall Firestats 1.0
Edgewall Firestats 1.0.0
Edgewall Firestats 1.0.1
Edgewall Firestats 1.0.2
Edgewall Firestats 1.1.1
Edgewall Firestats 1.1.2
Edgewall Firestats 1.1.3
Edgewall Firestats 1.1.4
Edgewall Firestats 1.1.5
Edgewall Firestats 1.1.6
Edgewall Firestats 1.1.7
NA
CVE-2024-0626
The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated malicious user...
4.8
CVSSv3
CVE-2023-4298
The 123.chat WordPress plugin prior to 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite set...
123.chat 123.chat
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »