Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.1.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the ...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress 4.0.1
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.9.3
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.9.0
Wordpress Wordpress 4.0
Wordpress Wordpress 4.1
Wordpress Wordpress 3.9.1
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 4.0.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.9.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.7.1
Wordpress Wordpress 4.5.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.7.4
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.7.1
Wordpress Wordpress 3.0.4
2 Github repositories
NA
CVE-2013-1636
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin prior to 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 up to and including 4.2.9 and 4.3.0 u...
Blair Williams Pretty Link Lite 1.6.1
Blair Williams Pretty Link Lite 1.6.0
Blair Williams Pretty Link Lite
Joobi Com Jnews 8.0.1
Civicrm Civicrm 3.1.3
Civicrm Civicrm 4.2.5
Civicrm Civicrm 3.1.0
Civicrm Civicrm 4.1.2
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.1.4
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.1.1
Civicrm Civicrm 4.2.7
Civicrm Civicrm 3.4.0
Civicrm Civicrm 4.3.0
Civicrm Civicrm 3.3.1
Civicrm Civicrm 3.1.1
Civicrm Civicrm 3.3.0
Civicrm Civicrm 3.2.4
Civicrm Civicrm 3.2.1
Civicrm Civicrm 3.2.3
Civicrm Civicrm 3.3.5
1 EDB exploit
NA
CVE-2008-4107
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows malicious users to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset funct...
Php Php 4.3.9
Php Php 4.0
Php Php 4.2.0
Php Php 4.4.4
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 4.3.6
Php Php 4.0.7
Php Php 4.3.7
Php Php 4.2.2
Php Php 4.4.2
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.0.0
Php Php 4.0.3
Php Php 4.0.2
Php Php 4.3.3
Php Php 4.1.1
Php Php 4.4.3
Php Php 4.2.3
6.5
CVSSv3
CVE-2016-11011
The wp-invoice plugin prior to 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
Usabilitydynamics Wp-invoice
4.3
CVSSv3
CVE-2022-38058
Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.
Wpvar Wp Shamsi
5.3
CVSSv3
CVE-2016-11006
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
Usabilitydynamics Wp-invoice
5.3
CVSSv3
CVE-2016-11007
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
Usabilitydynamics Wp-invoice
5.3
CVSSv3
CVE-2016-11008
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
Usabilitydynamics Wp-invoice
5.3
CVSSv3
CVE-2016-11009
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
Usabilitydynamics Wp-invoice
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »