Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-24472
The OnAir2 WordPress theme prior to 3.9.9.2 and QT KenthaRadio WordPress plugin prior to 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would a...
Qantumthemes Kentharadio
Qantumthemes Onair2
7.5
CVSSv2
CVE-2015-9323
The 404-to-301 plugin prior to 2.0.3 for WordPress has SQL injection.
Duckdev 404 To 301
7.5
CVSSv2
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.6.1
Mailpoet Mailpoet Newsletters 2.5.1
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.8
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1.6
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 2.5.2
Mailpoet Mailpoet Newsletters 2.4.2
Mailpoet Mailpoet Newsletters 2.4
1 EDB exploit
7.5
CVSSv2
CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.8 for WordPress has unspecified impact and attack vectors.
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.5.9.1
Mailpoet Mailpoet Newsletters 2.5.8
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.3.4
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters 2.0.2
Mailpoet Mailpoet Newsletters 1.1.1
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.6.5
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.5
Mailpoet Mailpoet Newsletters 2.5.4
7.5
CVSSv2
CVE-2011-4899
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions does not ensure that the specified MySQL database service is appropriate, which allows remote malicious users to configure an arbitrary database via the dbhost and dbname parameters, ...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 0.711
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 2.1.3
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
1 EDB exploit
7.5
CVSSv2
CVE-2008-3747
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress prior to 2.6.1 do not force SSL communication in the intended situations, which might allow remote malicious users to gain administrative access by sniffing the networ...
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.72
Wordpress Wordpress 1.0
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.3
Wordpress Wordpress 2.5
Wordpress Wordpress 1.2
Wordpress Wordpress 1.5
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3.2
Wordpress Wordpress 0.711
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
7.5
CVSSv2
CVE-2008-2146
wp-includes/vars.php in Wordpress prior to 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote malicious users to bypass intended access restrictions for certain pages.
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.5.1.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.5-strayhorn
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1.3 Rc1
7.5
CVSSv2
CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress prior to 2.2.3 and Wordpress multi-user (MU) prior to 1.2.5a allow remote malicious users to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and ...
Wordpress Wordpress 0.6.2
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.2.2
7.5
CVSSv2
CVE-2007-0233
wp-trackback.php in WordPress 2.0.6 and previous versions does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to execute arbitrary SQL commands vi...
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0.6
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.5
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
1 EDB exploit
7.5
CVSSv2
CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and previous versions allows remote malicious users to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1...
Wordpress Wordpress
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »