wordpress wordpress 3.6.1 vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-0867
The Pricing Table WordPress plugin prior to 3.6.1 fails to properly sanitize and escape user-supplied POST data before it is interpolated into an SQL statement and executed via an AJAX action available to unauthenticated users.
Reputeinfosystems Pricing Table
8.6
CVSSv3
CVE-2016-2222
The wp_http_validate_url function in wp-includes/http.php in WordPress prior to 4.4.2 allows remote malicious users to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.
Wordpress Wordpress 4.4.1
1 Github repository
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
7.4
CVSSv3
CVE-2016-2221
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress prior to 4.4.2 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsi...
Wordpress Wordpress
2 Github repositories
6.1
CVSSv3
CVE-2022-0641
The Popup Like box WordPress plugin prior to 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to reflected cross-site scripting.
Ays-pro Popup Like Box
6.1
CVSSv3
CVE-2022-0653
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows malicious users to ...
Cozmoslabs Profile Builder
6.1
CVSSv3
CVE-2020-29172
A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin prior to 3.6.1 for WordPress can be exploited via the Server IP setting.
Litespeedtech Litespeed Cache
6.1
CVSSv3
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.3.1 allows remote malicious users to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
Wordpress Wordpress
9 Github repositories
6.1
CVSSv3
CVE-2016-1564
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress prior to 4.4.1 allow remote malicious users to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.
Wordpress Wordpress
8 Github repositories
5.4
CVSSv3
CVE-2015-7989
Cross-site scripting (XSS) vulnerability in the user list table in WordPress prior to 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
Wordpress Wordpress
2 Github repositories