Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-0193
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and previous versions, and possibly 2.1.x up to and including 2.3.x, allows remote malicious users to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-a...
Wordpress Wordpress
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.0
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.3
1 EDB exploit
5
CVSSv2
CVE-2008-0191
WordPress 2.2.x and 2.3.x allows remote malicious users to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3
4.3
CVSSv2
CVE-2007-3241
Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote malicious users to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.
Wordpress Wordpress 2.2
4.3
CVSSv2
CVE-2007-3239
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme prior to 20070607 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution...
Wordpress Wordpress 2.2
4.3
CVSSv2
CVE-2007-3240
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote malicious users to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administ...
Wordpress Wordpress 2.2
6
CVSSv2
CVE-2007-3238
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. ...
Wordpress Wordpress 2.2
6.5
CVSSv2
CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
Wordpress Wordpress 2.2
1 EDB exploit
6.8
CVSSv2
CVE-2007-6318
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a...
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.1.1
1 EDB exploit
4.3
CVSSv2
CVE-2007-4893
wp-admin/admin-functions.php in Wordpress prior to 2.2.3 and Wordpress multi-user (MU) prior to 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2...
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0
7.5
CVSSv2
CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress prior to 2.2.3 and Wordpress multi-user (MU) prior to 1.2.5a allow remote malicious users to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and ...
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
type confusion
unspecified
CVE-2025-24200
reflected XSS
panel
CVE-2024-12549
temporal technologies, inc.
CVE-2024-21971
CVE-2024-57777
CVE-2023-31122
CVE-2025-0909
winzip computing
unified secops platform
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »