Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

wordpress wordpress mu vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2008-4671
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters....
Wordpress Wordpress Mu 1.3.1Wordpress Wordpress Mu 1.3Wordpress Wordpress Mu 1.2.3Wordpress Wordpress Mu 1.2.2Wordpress Wordpress Mu 1.0Wordpress Wordpress Mu
NA
CVE-2009-1030
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header....
Wordpress Wordpress Mu 1.0Wordpress Wordpress Mu 1.2.4Wordpress Wordpress Mu 1.2.5aWordpress Wordpress Mu 2.6.3Wordpress Wordpress Mu 2.6.5Wordpress Wordpress Mu 1.2.2Wordpress Wordpress Mu 1.1.1Wordpress Wordpress Mu 1.1Wordpress Wordpress Mu 1.5Wordpress Wordpress Mu 1.5.1Wordpress Wordpress Mu 1.3Wordpress Wordpress Mu 1.2.3Wordpress Wordpress Mu 1.3.2Wordpress Wordpress Mu 1.3.3Wordpress Wordpress Mu 2.7Wordpress Wordpress MuWordpress Wordpress Mu 1.3.1Wordpress Wordpress Mu 1.2Wordpress Wordpress Mu 1.2.1Wordpress Wordpress Mu 2.6.1Wordpress Wordpress Mu 2.6.2
NA
CVE-2009-2432
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message....
Wordpress Wordpress 2.6Wordpress Wordpress 2.5.1Wordpress Wordpress 2.3Wordpress Wordpress 2.2 Revision5003Wordpress Wordpress 2.1Wordpress Wordpress 2.1.3 Rc2Wordpress Wordpress 2.0.8Wordpress Wordpress 2.0.7Wordpress Wordpress 2.0.10 Rc1Wordpress Wordpress 2.0.10Wordpress Wordpress 1.5.1.1Wordpress Wordpress 1.5.1Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2-mingusWordpress Wordpress 1.0.2Wordpress Wordpress 1.0.1-milesWordpress Wordpress 0.72Wordpress Wordpress 0.711Wordpress Wordpress 0.6.2Wordpress Wordpress 2.6.1Wordpress Wordpress 2.6.3Wordpress Wordpress Mu 1.2.4Wordpress Wordpress Mu 1.5Wordpress Wordpress Mu 2.6Wordpress Wordpress 2.3.3Wordpress Wordpress 2.3.2Wordpress Wordpress 2.2.2Wordpress Wordpress 2.2.1Wordpress Wordpress 2.1.2Wordpress Wordpress 2.1.1Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.2Wordpress Wordpress 1.6Wordpress Wordpress 1.5.2Wordpress Wordpress 1.4Wordpress Wordpress 1.3.1Wordpress Wordpress 1.0Wordpress Wordpress 0.7Wordpress Wordpress Mu 1.2Wordpress Wordpress 2.5Wordpress Wordpress 2.2 Revision5002Wordpress Wordpress 2.2.3Wordpress Wordpress 2.1.3 Rc1Wordpress Wordpress 2.1.3Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0Wordpress Wordpress 1.5-strayhornWordpress Wordpress 1.5Wordpress Wordpress 1.2-deltaWordpress Wordpress 1.2Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0-platinumWordpress Wordpress 0.71-goldWordpress Wordpress 0.71Wordpress Wordpress Mu 1.1Wordpress Wordpress Mu 1.1.1Wordpress Wordpress Mu 1.2.5aWordpress Wordpress Mu 1.3Wordpress Wordpress Mu 2.6.1Wordpress Wordpress Mu 2.6.2Wordpress Wordpress Mu 1.2.1Wordpress Wordpress Mu 1.3.1Wordpress Wordpress Mu 1.3.2Wordpress Wordpress Mu 2.6.3Wordpress Wordpress Mu 2.6.5Wordpress Wordpress 2.3.1Wordpress Wordpress 2.2.0Wordpress Wordpress 2.2Wordpress Wordpress 2.0.9Wordpress Wordpress 2.0.11Wordpress Wordpress 2.0.10 Rc2Wordpress Wordpress 1.5.1.3Wordpress Wordpress 1.5.1.2Wordpress Wordpress 1.2.2Wordpress Wordpress 1.0.2-blakeyWordpress Wordpress 0.6.2.1Wordpress Wordpress Mu 1.2.2Wordpress Wordpress Mu 1.2.3Wordpress Wordpress Mu 1.3.3Wordpress Wordpress Mu 1.5.1Wordpress Wordpress MuWordpress WordpressWordpress Wordpress 2.6.5
NA
CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify...
Wordpress Wordpress 2.3.3Wordpress Wordpress 2.3.2Wordpress Wordpress 2.2.2Wordpress Wordpress 2.2.1Wordpress Wordpress 2.1.1Wordpress Wordpress 2.1Wordpress Wordpress 2.6Wordpress Wordpress 2.3.1Wordpress Wordpress 2.2.0Wordpress Wordpress 2.2Wordpress Wordpress 2.0.9Wordpress Wordpress 2.0.8Wordpress Wordpress 2.0.11Wordpress Wordpress 2.0.10 Rc2Wordpress Wordpress 1.5.1.3Wordpress Wordpress 1.5.1.2Wordpress Wordpress 1.2.2Wordpress Wordpress 1.2.1Wordpress Wordpress 2.5.1Wordpress Wordpress 2.5Wordpress Wordpress 2.3Wordpress Wordpress 2.2 Revision5003Wordpress Wordpress 2.1.3 Rc2Wordpress Wordpress 2.1.3 Rc1Wordpress Wordpress 2.0.7Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.10 Rc1Wordpress Wordpress 2.0.10Wordpress Wordpress 1.5.1.1Wordpress Wordpress 1.5.1Wordpress Wordpress 1.5-strayhornWordpress Wordpress 1.2-mingusWordpress Wordpress 1.2-deltaWordpress Wordpress 1.0.2Wordpress Wordpress 1.0.1-milesWordpress Wordpress 0.711Wordpress Wordpress 0.71-goldWordpress Wordpress 2.6.1Wordpress Wordpress 2.6.3Wordpress Wordpress Mu 1.2.4Wordpress Wordpress Mu 2.6Wordpress Wordpress Mu 2.6.1Wordpress Wordpress 2.0.3Wordpress Wordpress 2.0.2Wordpress Wordpress 1.6Wordpress Wordpress 1.5.2Wordpress Wordpress 1.3.1Wordpress Wordpress 1.2Wordpress Wordpress 1.0Wordpress Wordpress 0.72Wordpress Wordpress 0.6.2Wordpress Wordpress 0.6.2.1Wordpress Wordpress Mu 1.2Wordpress Wordpress Mu 1.2.1Wordpress Wordpress Mu 1.3.1Wordpress Wordpress Mu 1.3.2Wordpress Wordpress Mu 1.3.3Wordpress Wordpress Mu 2.6.5Wordpress Wordpress MuWordpress Wordpress 1.0.2-blakeyWordpress Wordpress Mu 1.2.2Wordpress Wordpress Mu 1.2.3Wordpress Wordpress Mu 1.5.1Wordpress Wordpress Mu 1.5Wordpress WordpressWordpress Wordpress 2.6.5Wordpress Wordpress 2.2 Revision5002Wordpress Wordpress 2.2.3Wordpress Wordpress 2.1.3Wordpress Wordpress 2.1.2Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0Wordpress Wordpress 1.5Wordpress Wordpress 1.4Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0-platinumWordpress Wordpress 0.71Wordpress Wordpress 0.7Wordpress Wordpress Mu 1.1Wordpress Wordpress Mu 1.1.1Wordpress Wordpress Mu 1.2.5aWordpress Wordpress Mu 1.3Wordpress Wordpress Mu 2.6.2Wordpress Wordpress Mu 2.6.3
NA
CVE-2009-2335
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,...
Wordpress WordpressWordpress Wordpress Mu
NA
CVE-2007-3544
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom...
Wordpress WordpressWordpress Wordpress Mu
NA
CVE-2007-3543
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending...
Wordpress Wordpress MuWordpress Wordpress
NA
CVE-2009-2336
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the...
Wordpress WordpressWordpress Wordpress Mu
NA
CVE-2008-5695
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP...
Wordpress WordpressWordpress Wordpress Mu
NA
CVE-2007-4544
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field)....
Wordpress Wordpress Mu
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-5172CVE-2023-44023CVE-2023-30845elevation of privilegeinjectionCVE-2023-43234CVE-2023-41991cross-site request forgeryseacmsCVE-2023-5197
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook