Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.11 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress prior to 2.2 allows remote malicious users to execute arbitrary SQL commands via the cookie parameter.
Wordpress Wordpress
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2013-4240
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin prior to 2.0.11 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2)...
Hitmyserver Hms Testimonials 2.0.7
Hitmyserver Hms Testimonials 2.0.6
Hitmyserver Hms Testimonials 2.0.5
Hitmyserver Hms Testimonials 2.0.4
Hitmyserver Hms Testimonials 1.3
Hitmyserver Hms Testimonials 1.2
Hitmyserver Hms Testimonials 1.1
Hitmyserver Hms Testimonials 2.0.9
Hitmyserver Hms Testimonials 2.0.2
Hitmyserver Hms Testimonials 2.0
Hitmyserver Hms Testimonials 1.6
Hitmyserver Hms Testimonials 1.4.1
Hitmyserver Hms Testimonials 1.7.1
Hitmyserver Hms Testimonials 1.7
Hitmyserver Hms Testimonials 1.6.2
Hitmyserver Hms Testimonials 1.6.1
Hitmyserver Hms Testimonials
Hitmyserver Hms Testimonials 2.0.8
Hitmyserver Hms Testimonials 2.0.3
Hitmyserver Hms Testimonials 2.0.1
Hitmyserver Hms Testimonials 1.5
Hitmyserver Hms Testimonials 1.4
1 EDB exploit
6.8
CVSSv2
CVE-2013-7233
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that move comments to the moderation l...
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.0.8
1 EDB exploit
6.8
CVSSv2
CVE-2012-3384
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress prior to 3.4.1 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Wordpress Wordpress
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0
Wordpress Wordpress 2.9.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.8.5
Wordpress Wordpress 2.8.5.1
6.8
CVSSv2
CVE-2012-1936
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and previous versions associates a nonce with a user account instead of a user session, which might make it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks on speci...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
1 EDB exploit
6.5
CVSSv2
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 2.0.2
Wpeasycart Wp Easycart 2.0.3
Wpeasycart Wp Easycart 2.0.4
Wpeasycart Wp Easycart 2.0.5
Wpeasycart Wp Easycart 2.0.20
Wpeasycart Wp Easycart 2.0.21
Wpeasycart Wp Easycart 2.0.22
Wpeasycart Wp Easycart 2.1.0
Wpeasycart Wp Easycart 2.1.13
Wpeasycart Wp Easycart 2.1.14
Wpeasycart Wp Easycart 2.1.15
Wpeasycart Wp Easycart 2.1.16
Wpeasycart Wp Easycart 2.1.17
Wpeasycart Wp Easycart 2.1.30
Wpeasycart Wp Easycart 2.1.31
Wpeasycart Wp Easycart 2.1.32
Wpeasycart Wp Easycart 2.1.33
Wpeasycart Wp Easycart 3.0.12
6.5
CVSSv2
CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress prior to 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.8
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8.2
Wordpress Wordpress 1.5
6.4
CVSSv2
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.
Wordpress Wordpress 3.6
Wordpress Wordpress 3.5.1
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3
Wordpress Wordpress 3.1
Wordpress Wordpress 3.0.6
Wordpress Wordpress 2.9.2
Wordpress Wordpress 2.9.1.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.5.1
1 Github repository
6.4
CVSSv2
CVE-2013-0235
The XMLRPC API in WordPress prior to 3.5.1 allows remote malicious users to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.6.5
Wordpress Wordpress 2.5
Wordpress Wordpress 2.8.3
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.8.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.0.2
Wordpress Wordpress
Wordpress Wordpress 3.3.2
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.9
6.4
CVSSv2
CVE-2008-0664
The XML-RPC implementation (xmlrpc.php) in WordPress prior to 2.3.3, when registration is enabled, allows remote malicious users to edit posts of other blog users via unknown vectors.
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.3
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.3.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »