Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.1 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2022-0684
The WP Home Page Menu WordPress plugin prior to 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Wp Home Page Menu Project Wp Home Page Menu
6.1
CVSSv3
CVE-2021-38322
The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows malicious users to inject arbitrary web scripts, in versions up to and includi...
Twitter Friends Widget Project Twitter Friends Widget
8.8
CVSSv3
CVE-2020-7047
The WordPress plugin, WP Database Reset up to and including 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping...
Webfactoryltd Wp Database Reset
9.1
CVSSv3
CVE-2020-7048
The WordPress plugin, WP Database Reset up to and including 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-po...
Webfactoryltd Wp Database Reset
1 Github repository
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 4.0.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.9.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.7.1
Wordpress Wordpress 4.5.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.7.4
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.7.1
Wordpress Wordpress 3.0.4
2 Github repositories
NA
CVE-2015-2194
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via...
Digitalnature Fusion 3.1
NA
CVE-2014-5324
Unrestricted file upload vulnerability in the N-Media file uploader plugin prior to 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
Najeebmedia N-media File Uploader 3.2
Najeebmedia N-media File Uploader 3.1
Najeebmedia N-media File Uploader 3.0
Najeebmedia N-media File Uploader
NA
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.0
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
NA
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.0
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
NA
CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress prior to 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.0
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »