Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.0.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-7153
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.
Huge-it Image Gallery 1.0.1
1 EDB exploit
NA
CVE-2014-4939
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
Enl Newsletter Plugin Project Enl-newsletter 1.0.1
1 EDB exploit
NA
CVE-2014-8586
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote malicious users to execute arbitrary SQL commands via the calid parameter.
Cp Multi View Event Calendar Project Cp Multi View Event Calendar 1.0.1
1 EDB exploit
6.1
CVSSv3
CVE-2015-7667
Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the page parameter.
Web-mv Resads
6.1
CVSSv3
CVE-2015-7666
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitr...
Codepeople Payment Form For Paypal Pro
NA
CVE-2012-5469
The Portable phpMyAdmin plugin prior to 1.3.1 for WordPress allows remote malicious users to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
Phpmyadmin Phpmyadmin 1.0.0
Phpmyadmin Phpmyadmin 1.0.1
Phpmyadmin Phpmyadmin 1.0.2
Phpmyadmin Phpmyadmin 1.0.3
Phpmyadmin Phpmyadmin 1.0.4
Phpmyadmin Phpmyadmin 1.0.5
Phpmyadmin Phpmyadmin 1.0.6
Phpmyadmin Phpmyadmin 1.0.7
Phpmyadmin Phpmyadmin 1.0.8
Phpmyadmin Phpmyadmin 1.1
Phpmyadmin Phpmyadmin 1.2
Phpmyadmin Phpmyadmin 1.2.1
Phpmyadmin Phpmyadmin 1.2.2
Phpmyadmin Phpmyadmin 1.2.3
Phpmyadmin Phpmyadmin 1.2.4
Phpmyadmin Phpmyadmin 1.2.5
Phpmyadmin Phpmyadmin 1.2.6
Phpmyadmin Phpmyadmin 1.2.7
Phpmyadmin Phpmyadmin 1.2.8
Phpmyadmin Phpmyadmin 1.2.9
Phpmyadmin Phpmyadmin 1.2.9.1
Phpmyadmin Phpmyadmin 1.2.9.2
1 EDB exploit
NA
CVE-2013-6797
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin prior to 2.0.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url pa...
Sunil Nanda Blue Wrench Video Widget 1.0.3
Sunil Nanda Blue Wrench Video Widget 1.0.4
Sunil Nanda Blue Wrench Video Widget
Sunil Nanda Blue Wrench Video Widget 1.0.2
Sunil Nanda Blue Wrench Video Widget 1.0.1
Sunil Nanda Blue Wrench Video Widget 1.0.0
1 EDB exploit
NA
CVE-2011-5207
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress prior to 1.1.6 prior to 2011-12-31 allows remote malicious users to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
Thecartpress Thecartpress
Thecartpress Thecartpress 1.0
Thecartpress Thecartpress 1.0.1
Thecartpress Thecartpress 1.0.2
Thecartpress Thecartpress 1.0.3
Thecartpress Thecartpress 1.0.4
Thecartpress Thecartpress 1.0.5
Thecartpress Thecartpress 1.0.6
Thecartpress Thecartpress 1.0.7
Thecartpress Thecartpress 1.0.8
Thecartpress Thecartpress 1.0.9
Thecartpress Thecartpress 1.1.0
Thecartpress Thecartpress 1.1.1
Thecartpress Thecartpress 1.1.2
Thecartpress Thecartpress 1.1.3
Thecartpress Thecartpress 1.1.4
Thecartpress Thecartpress 1.1.5
1 EDB exploit
NA
CVE-2013-3529
Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin prior to 1.1.7 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.
Smartypantsplugins Wp-funeral-press
Smartypantsplugins Wp-funeral-press 1.0.1
Smartypantsplugins Wp-funeral-press 1.0.2
Smartypantsplugins Wp-funeral-press 1.0.3
Smartypantsplugins Wp-funeral-press 1.0.4
Smartypantsplugins Wp-funeral-press 1.0.5
Smartypantsplugins Wp-funeral-press 1.0.7
Smartypantsplugins Wp-funeral-press 1.0.9
Smartypantsplugins Wp-funeral-press 1.1.0
Smartypantsplugins Wp-funeral-press 1.1.2
Smartypantsplugins Wp-funeral-press 1.1.3
Smartypantsplugins Wp-funeral-press 1.1.4
1 EDB exploit
NA
CVE-2011-3856
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme prior to 1.0.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Atastypixel Elegant Grunge
Atastypixel Elegant Grunge 0.1
Atastypixel Elegant Grunge 0.2
Atastypixel Elegant Grunge 0.2.1
Atastypixel Elegant Grunge 0.2.2
Atastypixel Elegant Grunge 0.3
Atastypixel Elegant Grunge 0.4.1
Atastypixel Elegant Grunge 0.4.2
Atastypixel Elegant Grunge 0.4.3
Atastypixel Elegant Grunge 0.4.4
Atastypixel Elegant Grunge 0.4.5
Atastypixel Elegant Grunge 1.0
Atastypixel Elegant Grunge 1.0.1
Atastypixel Elegant Grunge 1.0.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »