Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-10956
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
Mail-masta Project Mail-masta 1.0
3 Github repositories
5
CVSSv2
CVE-2017-18604
The sitebuilder-dynamic-components plugin up to and including 1.0 for WordPress has PHP object injection via an AJAX request.
Sitebuilder Dynamic Components Project Sitebuilder Dynamic Components
5
CVSSv2
CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote malicious users to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
Wordpress Wordpress 4.7.2
5
CVSSv2
CVE-2018-16299
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
Localize My Post Project Localize My Post 1.0
1 EDB exploit
5
CVSSv2
CVE-2015-4704
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
Download Zip Attachments Project Download Zip Attachments 1.0
5
CVSSv2
CVE-2015-1000005
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin
Candidate-application-form Project Candidate-application-form 1.0
5
CVSSv2
CVE-2015-1000010
Remote file download in simple-image-manipulator v1.0 wordpress plugin
Simple-image-manipulator Project Simple-image-manipulator 1.0
5
CVSSv2
CVE-2015-4703
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote malicious users to read arbitrary files via a full pathname in the dumpfname parameter.
Rename Project Rename 1.0
5
CVSSv2
CVE-2014-5181
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the snode parameter.
Last.fm Rotation Plugin Project Lastfm-rotation Plugin 1.0
5
CVSSv2
CVE-2012-3385
WordPress prior to 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »