Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress mu vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2008-5695
wp-admin/options.php in WordPress MU prior to 1.3.2, and WordPress 2.3.2 and previous versions, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploadin...
Wordpress Wordpress
Wordpress Wordpress Mu
1 EDB exploit
7.5
CVSSv2
CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress prior to 2.2.3 and Wordpress multi-user (MU) prior to 1.2.5a allow remote malicious users to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and ...
Wordpress Wordpress 0.6.2
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.2.2
6.5
CVSSv2
CVE-2007-3544
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom f...
Wordpress Wordpress
Wordpress Wordpress Mu
6
CVSSv2
CVE-2007-3543
Unrestricted file upload vulnerability in WordPress prior to 2.2.1 and WordPress MU prior to 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending ...
Wordpress Wordpress Mu
Wordpress Wordpress
5
CVSSv2
CVE-2009-2336
The forgotten mail interface in WordPress and WordPress MU prior to 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames. NOTE: the vendor reportedly disputes the si...
Wordpress Wordpress
Wordpress Wordpress Mu
5
CVSSv2
CVE-2009-2432
WordPress and WordPress MU prior to 2.8.1 allow remote malicious users to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Wordpress Wordpress 2.6
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 1.5.1.1
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2-mingus
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.0.1-miles
Wordpress Wordpress 0.72
Wordpress Wordpress 0.711
Wordpress Wordpress 0.6.2
Wordpress Wordpress 2.6.1
Wordpress Wordpress 2.6.3
Wordpress Wordpress Mu 1.2.4
5
CVSSv2
CVE-2009-2335
WordPress and WordPress MU prior to 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, ind...
Wordpress Wordpress
Wordpress Wordpress Mu
1 EDB exploit
3 Github repositories
4.9
CVSSv2
CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU prior to 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote malicious users to specify a configuration file in the page parameter to obtain sensitive information or mod...
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.2.0
Wordpress Wordpress 2.2
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.5
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2 Revision5003
1 EDB exploit
4.3
CVSSv2
CVE-2009-1030
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) prior to 2.7 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Host header.
Wordpress Wordpress Mu 1.0
Wordpress Wordpress Mu 1.2.4
Wordpress Wordpress Mu 1.2.5a
Wordpress Wordpress Mu 2.6.3
Wordpress Wordpress Mu 2.6.5
Wordpress Wordpress Mu 1.2.2
Wordpress Wordpress Mu 1.1.1
Wordpress Wordpress Mu 1.1
Wordpress Wordpress Mu 1.5
Wordpress Wordpress Mu 1.5.1
Wordpress Wordpress Mu 1.3
Wordpress Wordpress Mu 1.2.3
Wordpress Wordpress Mu 1.3.2
Wordpress Wordpress Mu 1.3.3
Wordpress Wordpress Mu 2.7
Wordpress Wordpress Mu
Wordpress Wordpress Mu 1.3.1
Wordpress Wordpress Mu 1.2
Wordpress Wordpress Mu 1.2.1
Wordpress Wordpress Mu 2.6.1
Wordpress Wordpress Mu 2.6.2
1 EDB exploit
4.3
CVSSv2
CVE-2008-4671
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) prior to 2.6 allows remote malicious users to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
Wordpress Wordpress Mu 1.3.1
Wordpress Wordpress Mu 1.3
Wordpress Wordpress Mu 1.2.3
Wordpress Wordpress Mu 1.2.2
Wordpress Wordpress Mu 1.0
Wordpress Wordpress Mu
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »