Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5.2 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-24215
An Improper Access Control vulnerability exists in the Controlled Admin Access WordPress plugin prior to 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a comple...
Wpruby Controlled Admin Access
10
CVSSv2
CVE-2012-4033
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin prior to 2.4.0 for WordPress have unknown impact and attack vectors.
Zingiri Zingiri Web Shop 2.3.4
Zingiri Zingiri Web Shop 2.3.3
Zingiri Zingiri Web Shop 2.2.1
Zingiri Zingiri Web Shop 2.2.0
Zingiri Zingiri Web Shop 2.0.2
Zingiri Zingiri Web Shop 2.0.1
Zingiri Zingiri Web Shop 1.6.1
Zingiri Zingiri Web Shop 1.6.0
Zingiri Zingiri Web Shop 1.5.3
Zingiri Zingiri Web Shop 1.5.2
Zingiri Zingiri Web Shop 1.4.3
Zingiri Zingiri Web Shop 1.4.2
Zingiri Zingiri Web Shop 1.3.3
Zingiri Zingiri Web Shop 1.3.2
Zingiri Zingiri Web Shop 1.2.6
Zingiri Zingiri Web Shop 1.2.5
Zingiri Zingiri Web Shop 1.0.4
Zingiri Zingiri Web Shop 1.0.3
Zingiri Zingiri Web Shop 2.3.2
Zingiri Zingiri Web Shop 2.3.1
Zingiri Zingiri Web Shop 2.1.3
Zingiri Zingiri Web Shop 2.1.2
10
CVSSv2
CVE-2012-2399
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and previous versions, as used in WordPress prior to 3.5.2, TinyMCE Image Manager 1.1 and previous versions, and other products allows remote malicious users to inject arbitrary web script or HTML via ...
Wordpress Wordpress 2.8
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.8.5
Wordpress Wordpress 2.8.1
Wordpress Wordpress 3.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 3.0
Wordpress Wordpress 1.5
Wordpress Wordpress 1.2
Wordpress Wordpress 2.9.1
Wordpress Wordpress 1.0
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 3.0.4
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.0.8
Wordpress Wordpress 1.5.1.3
2 Github repositories
10
CVSSv2
CVE-2012-2400
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress prior to 3.3.2 has unknown impact and attack vectors.
Wordpress Wordpress
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.1
Wordpress Wordpress 1.5.1.1
Wordpress Wordpress 2.0.1
Wordpress Wordpress 3.3
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.3
Wordpress Wordpress 3.0.6
Wordpress Wordpress 2.6.1
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.0.1
Wordpress Wordpress 2.6.5
Wordpress Wordpress 3.1.3
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.2.3
10
CVSSv2
CVE-2009-2853
Wordpress prior to 2.8.3 allows remote malicious users to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.p...
Wordpress Wordpress 1.2
Wordpress Wordpress 0.72
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.6.1
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.6.3
Wordpress Wordpress 2.7
Wordpress Wordpress 2.7.1
9.3
CVSSv2
CVE-2008-4769
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and previous versions, and 2.5, allows remote malicious users to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of ...
Wordpress Wordpress 1.2-delta
Wordpress Wordpress 2.1.3
Wordpress Wordpress 1.0.1-miles
Wordpress Wordpress 1.5-strayhorn
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.3
Wordpress Wordpress 1.2
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 2.2.2
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 0.7
Wordpress Wordpress 0.72
Wordpress Wordpress 1.4
Wordpress Wordpress 1.2-mingus
Wordpress Wordpress 2.2 Revision5002
Wordpress Wordpress 1.0.2-blakey
Wordpress Wordpress 1.5.1.1
1 EDB exploit
9
CVSSv2
CVE-2015-9228
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
Imagely Nextgen Gallery 2.1.10
Imagely Nextgen Gallery 2.0.66.29
Imagely Nextgen Gallery 2.0.66.27
Imagely Nextgen Gallery 2.0.66.26
Imagely Nextgen Gallery 2.0.66.17
Imagely Nextgen Gallery 2.0.25
Imagely Nextgen Gallery 2.0.23
Imagely Nextgen Gallery 2.0.21
Imagely Nextgen Gallery 2.0.17
Imagely Nextgen Gallery 1.9.3
Imagely Nextgen Gallery 1.9.2
Imagely Nextgen Gallery 1.9.1
Imagely Nextgen Gallery 1.9.0
Imagely Nextgen Gallery 1.8.4
Imagely Nextgen Gallery 1.5.5
Imagely Nextgen Gallery 1.5.4
Imagely Nextgen Gallery 1.5.3
Imagely Nextgen Gallery 1.5.2
Imagely Nextgen Gallery 2.1.9
Imagely Nextgen Gallery 2.1.2
Imagely Nextgen Gallery 2.0.79
Imagely Nextgen Gallery 2.0.74
7.5
CVSSv2
CVE-2021-24762
The Perfect Survey WordPress plugin prior to 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
Getperfectsurvey Perfect Survey
1 Github repository
7.5
CVSSv2
CVE-2018-16613
An issue exists in the update function in the wpForo Forum plugin prior to 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.
Gvectors Wpforo Forum
7.5
CVSSv2
CVE-2017-1002012
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
Anblik Image-gallery-with-slideshow 1.5.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »