Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.7 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-1001000
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x prior to 4.7.2 does not require an integer identifier, which allows remote malicious users to modify arbitrary pages via a request for wp-json/wp/v...
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7
Wordpress Wordpress 4.7.2
1 Nmap script
3 Github repositories
7.5
CVSSv3
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Wordpress Wordpress 4.7.5
Wordpress Wordpress 4.8
Wordpress Wordpress 4.7.3
Wordpress Wordpress 4.7.4
Wordpress Wordpress 4.7
Wordpress Wordpress 4.8.1
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
5.3
CVSSv3
CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 prior to 4.7.1 does not properly restrict listings of post authors, which allows remote malicious users to obtain sensitive information via a wp-json/wp/v2/users requ...
Wordpress Wordpress
1 EDB exploit
21 Github repositories
4.3
CVSSv3
CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 up to and including 6.3.1, from 6.2 up to and including 6.2.2, from 6.1 up to and including 6.13, from 6.0 up to and including 6.0.5, from 5.9 up to and including 5.9.7, from 5.8 up to and including ...
Wordpress Wordpress
Fedoraproject Fedora 37
Fedoraproject Fedora 38
NA
CVE-2013-2703
Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin prior to 5.0.5 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that modify this plugin's settings.
Crunchify Facebook Members 5.0
Crunchify Facebook Members 4.7
Crunchify Facebook Members 4.6.1
Crunchify Facebook Members 4.6
Crunchify Facebook Members 4.5.3
Crunchify Facebook Members
Crunchify Facebook Members 5.0.2
Crunchify Facebook Members 5.0.3
Crunchify Facebook Members 5.0.1
9.8
CVSSv3
CVE-2017-18571
The search-everything plugin prior to 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.
Search Everything Project Search Everything
NA
CVE-2014-4552
Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the paymentType paramete...
Spotlightyour Spotlightyour
NA
CVE-2024-2220
The Button contact VR WordPress plugin up to and including 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exampl...
8.8
CVSSv3
CVE-2021-24487
The St-Daily-Tip WordPress plugin up to and including 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow malicious ...
Sanskruti St-daily-tip
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »