Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.1 vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2022-3590
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
Wordpress Wordpress
Wordpress Wordpress 4.1
1 Github repository
NA
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the ...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0.1
Wordpress Wordpress 4.1
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
7.5
CVSSv3
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Wordpress Wordpress 4.7.5
Wordpress Wordpress 4.8
Wordpress Wordpress 4.7.3
Wordpress Wordpress 4.7.4
Wordpress Wordpress 4.7
Wordpress Wordpress 4.8.1
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
7.5
CVSSv3
CVE-2016-5839
WordPress prior to 4.5.3 allows remote malicious users to bypass the sanitize_file_name protection mechanism via unspecified vectors.
Wordpress Wordpress
7.5
CVSSv3
CVE-2016-5832
The customizer in WordPress prior to 4.5.3 allows remote malicious users to bypass intended redirection restrictions via unspecified vectors.
Wordpress Wordpress
7.5
CVSSv3
CVE-2016-5838
WordPress prior to 4.5.3 allows remote malicious users to bypass intended password-change restrictions by leveraging knowledge of a cookie.
Wordpress Wordpress
6.1
CVSSv3
CVE-2016-6634
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress prior to 4.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress
1 Github repository
7.5
CVSSv3
CVE-2016-5837
WordPress prior to 4.5.3 allows remote malicious users to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
Wordpress Wordpress
8.8
CVSSv3
CVE-2016-6635
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress prior to 4.5 allows remote malicious users to hijack the authentication of administrators for requests that change the script compression...
Wordpress Wordpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »