wordpress wordpress 3.0.1 vulnerabilities and exploits

(subscribe to this query)

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php....

Marketpress Backwpup Plugin 3.0.7 Marketpress Backwpup Plugin 3.0.6 Marketpress Backwpup Plugin 3.0.5 Marketpress Backwpup Plugin 3.0.4 Marketpress Backwpup Plugin 3.0 Marketpress Backwpup Plugin Marketpress Backwpup Plugin 3.0.10 Marketpress Backwpup Plugin 3.0.8 Marketpress Backwpup Plugin 3.0.3 Marketpress Backwpup Plugin 3.0.1 Marketpress Backwpup Plugin 3.0.11 Marketpress Backwpup Plugin 3.0.9 Marketpress Backwpup Plugin 3.0.2

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter....

Netweblogic Login With Ajax 3.0.1 Netweblogic Login With Ajax 2.21 Netweblogic Login With Ajax 2.1.1 Netweblogic Login With Ajax Netweblogic Login With Ajax 3.0.3 Netweblogic Login With Ajax 3.0.2 Netweblogic Login With Ajax 2.2 Netweblogic Login With Ajax 2.1.5 Netweblogic Login With Ajax 2.1.4 Netweblogic Login With Ajax 2.1.3 Netweblogic Login With Ajax 2.1.2 Netweblogic Login With Ajax 3.0 Netweblogic Login With Ajax 3.0b Netweblogic Login With Ajax 2.1

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php....

Netweblogic Login With Ajax 2.1.5 Netweblogic Login With Ajax 2.2 Netweblogic Login With Ajax 2.1.3 Netweblogic Login With Ajax 2.1.4 Netweblogic Login With Ajax 3.0.2 Netweblogic Login With Ajax 3.0.3 Netweblogic Login With Ajax Netweblogic Login With Ajax 2.1.1 Netweblogic Login With Ajax 2.1.2 Netweblogic Login With Ajax 3.0 Netweblogic Login With Ajax 3.0.1 Netweblogic Login With Ajax 2.1 Netweblogic Login With Ajax 2.21 Netweblogic Login With Ajax 3.0b

6.8

CVSSv2

Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings....

Netweblogic Login With Ajax 2.2 Netweblogic Login With Ajax 2.1.5 Netweblogic Login With Ajax 2.1.4 Netweblogic Login With Ajax 2.1.3 Netweblogic Login With Ajax 3.0 Netweblogic Login With Ajax 3.0.1 Netweblogic Login With Ajax 3.0.2 Netweblogic Login With Ajax 3.0.3 Netweblogic Login With Ajax 3.0.4.1 Netweblogic Login With Ajax 2.1.1 Netweblogic Login With Ajax 2.1 Netweblogic Login With Ajax 3.0b3 Netweblogic Login With Ajax 3.0.4 Netweblogic Login With Ajax 3.1 Netweblogic Login With Ajax 2.21 Netweblogic Login With Ajax 2.1.2 Netweblogic Login With Ajax 3.0b

10

CVSSv2

Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors....

4.3

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7)...

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter....

Wptrafficanalyzer Trafficanalyzer 3.3.2 Wptrafficanalyzer Trafficanalyzer 3.0.1 Wptrafficanalyzer Trafficanalyzer 3.0.0 Wptrafficanalyzer Trafficanalyzer 2.7.0 Wptrafficanalyzer Trafficanalyzer 2.6.0 Wptrafficanalyzer Trafficanalyzer 2.2.1 Wptrafficanalyzer Trafficanalyzer 2.2.0 Wptrafficanalyzer Trafficanalyzer 1.5.0 Wptrafficanalyzer Trafficanalyzer 1.4.0 Wptrafficanalyzer Trafficanalyzer 1.0.0 Wptrafficanalyzer Trafficanalyzer 3.2.1 Wptrafficanalyzer Trafficanalyzer 3.2.0 Wptrafficanalyzer Trafficanalyzer 3.1.0 Wptrafficanalyzer Trafficanalyzer 2.8.2 Wptrafficanalyzer Trafficanalyzer 2.8.1 Wptrafficanalyzer Trafficanalyzer 2.5.0 Wptrafficanalyzer Trafficanalyzer 2.4.1 Wptrafficanalyzer Trafficanalyzer 1.8.0 Wptrafficanalyzer Trafficanalyzer 1.7.0 Wptrafficanalyzer Trafficanalyzer 1.1.3 Wptrafficanalyzer Trafficanalyzer 1.1.2 Wptrafficanalyzer Trafficanalyzer 3.0.3 Wptrafficanalyzer Trafficanalyzer 3.0.2 Wptrafficanalyzer Trafficanalyzer 2.8.0 Wptrafficanalyzer Trafficanalyzer 2.7.1 Wptrafficanalyzer Trafficanalyzer 2.4.0 Wptrafficanalyzer Trafficanalyzer 2.3.0 Wptrafficanalyzer Trafficanalyzer 1.6.1 Wptrafficanalyzer Trafficanalyzer 1.6.0 Wptrafficanalyzer Trafficanalyzer 1.1.1 Wptrafficanalyzer Trafficanalyzer 1.1.0 Wptrafficanalyzer Trafficanalyzer 3.3.1 Wptrafficanalyzer Trafficanalyzer 3.3.0 Wptrafficanalyzer Trafficanalyzer 2.9.1 Wptrafficanalyzer Trafficanalyzer 2.9.0 Wptrafficanalyzer Trafficanalyzer 2.5.2 Wptrafficanalyzer Trafficanalyzer 2.5.1 Wptrafficanalyzer Trafficanalyzer 2.1.0 Wptrafficanalyzer Trafficanalyzer 2.0.0 Wptrafficanalyzer Trafficanalyzer 1.9.0 Wptrafficanalyzer Trafficanalyzer 1.3.0 Wptrafficanalyzer Trafficanalyzer 1.2.01 EDB exploit available

7.5

CVSSv2

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL)....

Adrotateplugin Adrotate 3.6.3 Adrotateplugin Adrotate 3.6.2 Adrotateplugin Adrotate 3.3 Adrotateplugin Adrotate 3.2.2 Adrotateplugin Adrotate 3.0.1 Adrotateplugin Adrotate 3.0 Adrotateplugin Adrotate 2.4.1 Adrotateplugin Adrotate 2.4 Adrotateplugin Adrotate 1.0 Adrotateplugin Adrotate 0.8 Adrotateplugin Adrotate 0.2 Adrotateplugin Adrotate 0.1 Adrotateplugin Adrotate Adrotateplugin Adrotate 3.6.6 Adrotateplugin Adrotate 3.5.1 Adrotateplugin Adrotate 3.5 Adrotateplugin Adrotate 3.1.1 Adrotateplugin Adrotate 3.1 Adrotateplugin Adrotate 2.5 Adrotateplugin Adrotate 2.4.4 Adrotateplugin Adrotate 2.2 Adrotateplugin Adrotate 2.1 Adrotateplugin Adrotate 0.6 Adrotateplugin Adrotate 0.5 Adrotateplugin Adrotate 3.6.1 Adrotateplugin Adrotate 3.6 Adrotateplugin Adrotate 3.2.1 Adrotateplugin Adrotate 3.2 Adrotateplugin Adrotate 2.6.1 Adrotateplugin Adrotate 2.6 Adrotateplugin Adrotate 2.5.1 Adrotateplugin Adrotate 2.3.1 Adrotateplugin Adrotate 2.3 Adrotateplugin Adrotate 0.7.1 Adrotateplugin Adrotate 0.7 Adrotateplugin Adrotate 3.6.5 Adrotateplugin Adrotate 3.6.4 Adrotateplugin Adrotate 3.4 Adrotateplugin Adrotate 3.3.1 Adrotateplugin Adrotate 3.0.3 Adrotateplugin Adrotate 3.0.2 Adrotateplugin Adrotate 2.4.3 Adrotateplugin Adrotate 2.4.2 Adrotateplugin Adrotate 2.0.1 Adrotateplugin Adrotate 2.0 Adrotateplugin Adrotate 0.4 Adrotateplugin Adrotate 0.32 EDB exploits available

NA

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files...

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook