Vulmon
wordpress wordpress 1.6 vulnerabilities and exploits
4
CVSSv2
CVE-2021-24820
The Cost Calculator WordPress plugin up to and including 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout
Bold-themes Cost Calculator
6.5
CVSSv2
CVE-2014-2558
The File Gallery plugin prior to 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
Skyphe File-gallery 1.7
Skyphe File-gallery 1.5.6
Skyphe File-gallery 1.7.4.1
Skyphe File-gallery 1.5.8
Skyphe File-gallery 1.7.5
Skyphe File-gallery 1.7.4
Skyphe File-gallery 1.6.5
Skyphe File-gallery
Skyphe File-gallery 1.5
Skyphe File-gallery 1.7.8
Skyphe File-gallery 1.5.4
Skyphe File-gallery 1.7.6
Skyphe File-gallery 1.4
Skyphe File-gallery 1.5.1
Skyphe File-gallery 1.6.5.2
Skyphe File-gallery 1.6.4
Skyphe File-gallery 1.6.5.5
Skyphe File-gallery 1.2
Skyphe File-gallery 1.6.5.3
Skyphe File-gallery 1.5.3
Skyphe File-gallery 1.5.7
Skyphe File-gallery 1.3
7.5
CVSSv2
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin prior to 1.8.10.2 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.3
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.8.6
Ajaydsouza Contextual Related Posts 1.6.1
Ajaydsouza Contextual Related Posts 1.8.8
Ajaydsouza Contextual Related Posts 1.7.2
Ajaydsouza Contextual Related Posts 1.1.1
Ajaydsouza Contextual Related Posts 1.2.2
Ajaydsouza Contextual Related Posts 1.1
Ajaydsouza Contextual Related Posts 1.8.9
Ajaydsouza Contextual Related Posts 1.6
Ajaydsouza Contextual Related Posts 1.8.9.1
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.7.3
Ajaydsouza Contextual Related Posts 1.0
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.8.7
Ajaydsouza Contextual Related Posts 1.6.3
NA
CVE-2024-25594
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS. This issue affects MyWaze: from n/a up to and including 1.6.
7.5
CVSSv2
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.2-beta
Firestats Firestats 0.9.3-beta
Firestats Firestats 0.9.4-beta
Firestats Firestats 0.9.5-beta
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.0
Firestats Firestats 1.0.0
Firestats Firestats 1.0.1
Firestats Firestats 1.0.2
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
Firestats Firestats 1.1.3
Firestats Firestats 1.1.4
Firestats Firestats 1.1.5
Firestats Firestats 1.1.6
Firestats Firestats 1.1.7
7.5
CVSSv2
CVE-2009-2144
SQL injection vulnerability in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Edgewall Firestats
Edgewall Firestats 0.9.0-beta
Edgewall Firestats 0.9.1-beta
Edgewall Firestats 0.9.2-beta
Edgewall Firestats 0.9.3-beta
Edgewall Firestats 0.9.4-beta
Edgewall Firestats 0.9.5-beta
Edgewall Firestats 0.9.6-beta
Edgewall Firestats 0.9.7-beta
Edgewall Firestats 0.9.8-beta
Edgewall Firestats 0.9.9
Edgewall Firestats 1.0
Edgewall Firestats 1.0.0
Edgewall Firestats 1.0.1
Edgewall Firestats 1.0.2
Edgewall Firestats 1.1.1
Edgewall Firestats 1.1.2
Edgewall Firestats 1.1.3
Edgewall Firestats 1.1.4
Edgewall Firestats 1.1.5
Edgewall Firestats 1.1.6
Edgewall Firestats 1.1.7
4
CVSSv2
CVE-2021-25121
The Rating by BestWebSoft WordPress plugin prior to 1.6 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service on the post/page when a user submits such a rating.
Bestwebsoft Rating
NA
CVE-2022-3831
The reCAPTCHA WordPress plugin up to and including 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mul...
Recaptcha Project Recaptcha
4.3
CVSSv2
CVE-2014-6444
Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin prior to 1.6 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-previ...
Titan Framework Project Titan Framework
3.5
CVSSv2
CVE-2013-3720
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin prior to 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
Feedweb Feedweb
Feedweb Feedweb 1.0.4
Feedweb Feedweb 1.0.5
Feedweb Feedweb 1.0.6
Feedweb Feedweb 1.0.7
Feedweb Feedweb 1.0.8
Feedweb Feedweb 1.1.1
Feedweb Feedweb 1.1.4
Feedweb Feedweb 1.1.5
Feedweb Feedweb 1.1.6
Feedweb Feedweb 1.1.7
Feedweb Feedweb 1.1.9
Feedweb Feedweb 1.2
Feedweb Feedweb 1.2.1
Feedweb Feedweb 1.2.2
Feedweb Feedweb 1.2.3
Feedweb Feedweb 1.2.4
Feedweb Feedweb 1.2.5
Feedweb Feedweb 1.2.6
Feedweb Feedweb 1.2.7
Feedweb Feedweb 1.2.8
Feedweb Feedweb 1.2.9