Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.5.3 vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2016-6896
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-...
Wordpress Wordpress 4.5.3
1 EDB exploit
2 Metasploit modules
6.5
CVSSv3
CVE-2016-6897
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress prior to 4.6 allows remote malicious users to hijack the authentication of subscribers for /dev/random read operations by leveraging a late cal...
Wordpress Wordpress
1 EDB exploit
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
7.5
CVSSv3
CVE-2016-5836
The oEmbed protocol implementation in WordPress prior to 4.5.3 allows remote malicious users to cause a denial of service via unspecified vectors.
Wordpress Wordpress
1 Github repository
6.1
CVSSv3
CVE-2016-5833
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress prior to 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than ...
Wordpress Wordpress
7.5
CVSSv3
CVE-2016-5839
WordPress prior to 4.5.3 allows remote malicious users to bypass the sanitize_file_name protection mechanism via unspecified vectors.
Wordpress Wordpress
7.5
CVSSv3
CVE-2016-5832
The customizer in WordPress prior to 4.5.3 allows remote malicious users to bypass intended redirection restrictions via unspecified vectors.
Wordpress Wordpress
7.5
CVSSv3
CVE-2016-5838
WordPress prior to 4.5.3 allows remote malicious users to bypass intended password-change restrictions by leveraging knowledge of a cookie.
Wordpress Wordpress
7.5
CVSSv3
CVE-2016-5837
WordPress prior to 4.5.3 allows remote malicious users to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
Wordpress Wordpress
7.5
CVSSv3
CVE-2016-5835
WordPress prior to 4.5.3 allows remote malicious users to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
Wordpress Wordpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-24955
man-in-the-middle
dos
CVE-2024-2818
CVE-2024-30584
CVE-2024-31134
camera
CVE-2023-45866
CVE-2024-30585
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »