Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

wordpress wordpress 1.6.2 vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2

CVE-2011-5265

Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party.
Featurific For Wordpress Project Featurific-for-wordpress 1.6.2
6.5
CVSSv2

CVE-2015-2292

Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin prior to 1.5.7, 1.6.x prior to 1.6.4, and 1.7.x prior to 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_...
Yoast Wordpress SeoYoast Wordpress Seo 1.6.0Yoast Wordpress Seo 1.6.1Yoast Wordpress Seo 1.6.2Yoast Wordpress Seo 1.6.3Yoast Wordpress Seo 1.7.1Yoast Wordpress Seo 1.7.2Yoast Wordpress Seo 1.7.3Yoast Wordpress Seo 1.7.3.1Yoast Wordpress Seo 1.7.3.2Yoast Wordpress Seo 1.7.3.3
6.8
CVSSv2

CVE-2015-2293

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin prior to 1.5.7, 1.6.x prior to 1.6.4, and 1.7.x prior to 1.7.4 for WordPress allow remote malicious users to hijack the authentication of cert...
Yoast Wordpress SeoYoast Wordpress Seo 1.6.0Yoast Wordpress Seo 1.6.1Yoast Wordpress Seo 1.6.2Yoast Wordpress Seo 1.6.3Yoast Wordpress Seo 1.7.1Yoast Wordpress Seo 1.7.2Yoast Wordpress Seo 1.7.3Yoast Wordpress Seo 1.7.3.1Yoast Wordpress Seo 1.7.3.2Yoast Wordpress Seo 1.7.3.3
4.3
CVSSv2

CVE-2013-2199

The HTTP API in WordPress prior to 3.5.2 allows remote malicious users to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.
Wordpress WordpressWordpress Wordpress 0.71Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.1.1Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.2.3Wordpress Wordpress 1.2.4Wordpress Wordpress 1.2.5
4
CVSSv2

CVE-2013-2200

WordPress prior to 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.
Wordpress WordpressWordpress Wordpress 0.71Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.1.1Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.2.3Wordpress Wordpress 1.2.4Wordpress Wordpress 1.2.5
4.3
CVSSv2

CVE-2013-2201

Multiple cross-site scripting (XSS) vulnerabilities in WordPress prior to 3.5.2 allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (...
Wordpress WordpressWordpress Wordpress 0.71Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.1.1Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.2.3Wordpress Wordpress 1.2.4Wordpress Wordpress 1.2.5
4.3
CVSSv2

CVE-2013-2202

WordPress prior to 3.5.2 allows remote malicious users to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Wordpress WordpressWordpress Wordpress 0.71Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.1.1Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.2.3Wordpress Wordpress 1.2.4Wordpress Wordpress 1.2.5
4.3
CVSSv2

CVE-2013-2203

WordPress prior to 3.5.2, when the uploads directory forbids write access, allows remote malicious users to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.
Wordpress WordpressWordpress Wordpress 0.71Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.1.1Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.2.3Wordpress Wordpress 1.2.4Wordpress Wordpress 1.2.5
4.3
CVSSv2

CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress prior to 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote malicious users to pass arbitrary p...
Tinymce Media -Wordpress WordpressWordpress Wordpress 0.71Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.1.1Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.2.3Wordpress Wordpress 1.2.4
4.3
CVSSv2

CVE-2013-2205

The default configuration of SWFUpload in WordPress prior to 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
Wordpress WordpressWordpress Wordpress 0.71Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.1.1Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.2.3Wordpress Wordpress 1.2.4Wordpress Wordpress 1.2.5
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
path traversalCVE-2025-2657CVE-2025-30066CVE-2025-24813apache commons vfsCVE-2025-2478validationCVE-2025-2674code injectionmedical card generation systemmicrosoft edge (chromium-based)CVE-2025-2688cicadascms
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook