Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.7 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-16780
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authe...
Wordpress Wordpress 3.7
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress prior to 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.5.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.4.2
Wordpress Wordpress 3.7
Wordpress Wordpress 3.8
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.9.0
NA
CVE-2008-0682
SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin prior to 3.72 for Wordpress allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Wordpress Wordspew
Wordpress Wordspew 3.7
Wordpress Wordspew 3.31
Wordpress Wordspew 3.3
Wordpress Wordspew 3.01
Wordpress Wordspew 3.0
Wordpress Wordspew 2.85
Wordpress Wordspew 2.8
Wordpress Wordspew 2.2
Wordpress Wordspew 2.1
Wordpress Wordspew 3.6
Wordpress Wordspew 3.52
Wordpress Wordspew 3.2
Wordpress Wordspew 3.16
Wordpress Wordspew 2.95
Wordpress Wordspew 2.94
Wordpress Wordspew 2.7
Wordpress Wordspew 2.6
Wordpress Wordspew 2.0
Wordpress Wordspew 1.8
Wordpress Wordspew 1.7
Wordpress Wordspew 3.33
1 EDB exploit
NA
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.
Wordpress Wordpress 3.6
Wordpress Wordpress 3.5.1
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3
Wordpress Wordpress 3.1
Wordpress Wordpress 3.0.6
Wordpress Wordpress 2.9.2
Wordpress Wordpress 2.9.1.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.5.1
1 Github repository
NA
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress 3.7
Wordpress Wordpress
Wordpress Wordpress 3.4.2
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.2
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.3
Wordpress Wordpress 2.9
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.1
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.1
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
NA
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
NA
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
6.1
CVSSv3
CVE-2022-43497
Cross-site scripting vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Wordpress Wordpress
6.1
CVSSv3
CVE-2022-43500
Cross-site scripting vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Wordpress Wordpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »