Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-16510
WordPress prior to 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-1...
Wordpress Wordpress
9.8
CVSSv3
CVE-2017-14723
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Wordpress Wordpress
1 Github repository
8.8
CVSSv3
CVE-2022-47177
Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions.
Wpeasypay Wp Easypay
8.8
CVSSv3
CVE-2021-24803
The Core Tweaks WP Setup WordPress plugin up to and including 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an malicious user to arbitrary change the admin emai...
Core Tweaks Wp Setup Project Core Tweaks Wp Setup
8.8
CVSSv3
CVE-2017-17091
wp-admin/user-new.php in WordPress prior to 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote malicious users to bypass intended access restrictions by entering this string.
Wordpress Wordpress
2 Github repositories
8.8
CVSSv3
CVE-2017-9064
In WordPress prior to 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2016-6635
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress prior to 4.5 allows remote malicious users to hijack the authentication of administrators for requests that change the script compression...
Wordpress Wordpress
8.6
CVSSv3
CVE-2017-9066
In WordPress prior to 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.6
CVSSv3
CVE-2017-9062
In WordPress prior to 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.6
CVSSv3
CVE-2016-4029
WordPress prior to 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote malicious users to bypass an intended SSRF protection mechanism via a crafted address.
Wordpress Wordpress
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »