Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.7 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2018-20156
The WP Maintenance Mode plugin prior to 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.
Designmodo Wp Maintenance Mode
8.8
CVSSv3
CVE-2018-10233
The User Profile & Membership plugin prior to 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
Ultimatemember User Profile & Membership
8.8
CVSSv3
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 2.0.1
Wpeasycart Wp Easycart 1.2.16
Wpeasycart Wp Easycart 1.2.15
Wpeasycart Wp Easycart 1.2.14
Wpeasycart Wp Easycart 1.2.13
Wpeasycart Wp Easycart 1.2.12
Wpeasycart Wp Easycart 1.2.11
Wpeasycart Wp Easycart 1.2.10
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 1.2.5
Wpeasycart Wp Easycart 1.2.4
Wpeasycart Wp Easycart 1.2.3
Wpeasycart Wp Easycart 1.2.2
Wpeasycart Wp Easycart 1.2.1
Wpeasycart Wp Easycart 1.2.0
Wpeasycart Wp Easycart 1.1.36
Wpeasycart Wp Easycart 1.1.35
Wpeasycart Wp Easycart 1.1.34
Wpeasycart Wp Easycart 1.1.33
8.8
CVSSv3
CVE-2015-9228
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
Imagely Nextgen Gallery 2.1.10
Imagely Nextgen Gallery 2.1.9
Imagely Nextgen Gallery 2.1.7
Imagely Nextgen Gallery 2.1.2
Imagely Nextgen Gallery 2.1.0
Imagely Nextgen Gallery 2.0.79
Imagely Nextgen Gallery 2.0.78.1
Imagely Nextgen Gallery 2.0.78
Imagely Nextgen Gallery 2.0.77
Imagely Nextgen Gallery 2.0.76
Imagely Nextgen Gallery 2.0.74
Imagely Nextgen Gallery 2.0.71
Imagely Nextgen Gallery 2.0.66.33
Imagely Nextgen Gallery 2.0.66.31
Imagely Nextgen Gallery 2.0.66.29
Imagely Nextgen Gallery 2.0.66.27
Imagely Nextgen Gallery 2.0.66.26
Imagely Nextgen Gallery 2.0.66.17
Imagely Nextgen Gallery 2.0.66.16
Imagely Nextgen Gallery 2.0.66
Imagely Nextgen Gallery 2.0.65
Imagely Nextgen Gallery 2.0.63
NA
CVE-2014-9129
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin prior to 2.0.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_t...
Cminds Cm Download Manager
NA
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 1.1
Wpdownloadmanager Wordpress Download Manager 1.2
Wpdownloadmanager Wordpress Download Manager 1.2.1
Wpdownloadmanager Wordpress Download Manager 1.2.2
Wpdownloadmanager Wordpress Download Manager 1.2.3
Wpdownloadmanager Wordpress Download Manager 1.2.4
Wpdownloadmanager Wordpress Download Manager 1.2.5
Wpdownloadmanager Wordpress Download Manager 1.3
Wpdownloadmanager Wordpress Download Manager 1.4
Wpdownloadmanager Wordpress Download Manager 1.5
Wpdownloadmanager Wordpress Download Manager 1.5.1
Wpdownloadmanager Wordpress Download Manager 1.5.2
Wpdownloadmanager Wordpress Download Manager 1.5.3
Wpdownloadmanager Wordpress Download Manager 1.5.9
Wpdownloadmanager Wordpress Download Manager 1.5.32
Wpdownloadmanager Wordpress Download Manager 1.5.33
Wpdownloadmanager Wordpress Download Manager 2.0.1
Wpdownloadmanager Wordpress Download Manager 2.0.2
Wpdownloadmanager Wordpress Download Manager 2.0.3
Wpdownloadmanager Wordpress Download Manager 2.0.4
Wpdownloadmanager Wordpress Download Manager 2.0.5
Wpdownloadmanager Wordpress Download Manager 2.0.6
NA
CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.11 for WordPress allows remote malicious users to hijack the authentication of arbitrary users.
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
NA
CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.8 for WordPress has unspecified impact and attack vectors.
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
NA
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
Mailpoet Mailpoet Newsletters 2.0.5
1 EDB exploit
NA
CVE-2014-4521
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin prior to 2.1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the action parameter.
Diversesolutions Dsidxpress Idx Plugin 2.0.16
Diversesolutions Dsidxpress Idx Plugin 2.0.0
Diversesolutions Dsidxpress Idx Plugin 2.0.1
Diversesolutions Dsidxpress Idx Plugin 2.0.18
Diversesolutions Dsidxpress Idx Plugin 2.0.37
Diversesolutions Dsidxpress Idx Plugin 2.0.32
Diversesolutions Dsidxpress Idx Plugin 2.0.7
Diversesolutions Dsidxpress Idx Plugin 2.0.19
Diversesolutions Dsidxpress Idx Plugin 2.0.4
Diversesolutions Dsidxpress Idx Plugin 2.0.5
Diversesolutions Dsidxpress Idx Plugin 2.0.34
Diversesolutions Dsidxpress Idx Plugin 2.0.11
Diversesolutions Dsidxpress Idx Plugin 2.0.22
Diversesolutions Dsidxpress Idx Plugin 2.0.30
Diversesolutions Dsidxpress Idx Plugin 2.0.17
Diversesolutions Dsidxpress Idx Plugin 2.0.12
Diversesolutions Dsidxpress Idx Plugin 2.0.31
Diversesolutions Dsidxpress Idx Plugin
Diversesolutions Dsidxpress Idx Plugin 2.0.6
Diversesolutions Dsidxpress Idx Plugin 2.0.10
Diversesolutions Dsidxpress Idx Plugin 2.0.14
Diversesolutions Dsidxpress Idx Plugin 2.0.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »