Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x prior to 1.5.5 of WordPress allows remote malicious users to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
Buddypress Buddypress 1.5
Buddypress Buddypress 1.5.2
Buddypress Buddypress 1.5.3
Buddypress Buddypress 1.5.3.1
Buddypress Buddypress 1.5.4
Buddypress Buddypress 1.5.1
1 EDB exploit
7.5
CVSSv2
CVE-2011-4899
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions does not ensure that the specified MySQL database service is appropriate, which allows remote malicious users to configure an arbitrary database via the dbhost and dbname parameters, ...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 0.711
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 2.1.3
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
1 EDB exploit
7.5
CVSSv2
CVE-2009-2144
SQL injection vulnerability in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Edgewall Firestats 0.9.0-beta
Edgewall Firestats 0.9.2-beta
Edgewall Firestats 0.9.4-beta
Edgewall Firestats 0.9.3-beta
Edgewall Firestats 1.1.3
Edgewall Firestats 1.1.4
Edgewall Firestats 1.1.5
Edgewall Firestats 1.1.6
Edgewall Firestats 1.3.0-beta
Edgewall Firestats 1.4.4
Edgewall Firestats 1.4.3
Edgewall Firestats 1.4
Edgewall Firestats 1.5.12
Edgewall Firestats 1.5
Edgewall Firestats 1.6.0-beta1
Edgewall Firestats 1.6.0-beta2
Edgewall Firestats 1.6
Firestats Firestats 1.6.0
Edgewall Firestats 0.9.1-beta
Edgewall Firestats 0.9.5-beta
Edgewall Firestats 0.9.7-beta
Edgewall Firestats 0.9.9
7.5
CVSSv2
CVE-2009-2143
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin prior to 1.6.2-stable for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Firestats Firestats 1.6.0
Firestats Firestats 1.6.0-beta1
Firestats Firestats 0.9.0-beta
Firestats Firestats 0.9.1-beta
Firestats Firestats 0.9.8-beta
Firestats Firestats 0.9.9
Firestats Firestats 1.1.3
Firestats Firestats 1.2.1
Firestats Firestats 1.2.2
Firestats Firestats 1.6.0-beta2
Firestats Firestats 0.9.2-beta
Firestats Firestats 1.3.4
Firestats Firestats 1.3.5
Firestats Firestats 1.3.6
Firestats Firestats 1.5
Firestats Firestats 1.5.0-beta
Firestats Firestats 1.5.5
Firestats Firestats 1.5.7
Firestats Firestats 0.9.6-beta
Firestats Firestats 0.9.7-beta
Firestats Firestats 1.1.1
Firestats Firestats 1.1.2
7.5
CVSSv2
CVE-2008-2146
wp-includes/vars.php in Wordpress prior to 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote malicious users to bypass intended access restrictions for certain pages.
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.5.1.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.5-strayhorn
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1.3 Rc1
7.5
CVSSv2
CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress prior to 2.2.3 and Wordpress multi-user (MU) prior to 1.2.5a allow remote malicious users to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and ...
Wordpress Wordpress 0.6.2
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.2.2
7.5
CVSSv2
CVE-2007-0233
wp-trackback.php in WordPress 2.0.6 and previous versions does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to execute arbitrary SQL commands vi...
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0.6
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.5
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
1 EDB exploit
7.5
CVSSv2
CVE-2005-2612
Direct code injection vulnerability in WordPress 1.5.1.3 and previous versions allows remote malicious users to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.5
1 EDB exploit
7.5
CVSSv2
CVE-2005-2108
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.2
1 EDB exploit
7.5
CVSSv2
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote malicious users to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.
Wordpress Wordpress 1.5.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »