Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

wordpress wordpress 3.6.1 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2013-5739
The default configuration of WordPress prior to 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-...
Wordpress Wordpress
NA
CVE-2014-5204
wp-includes/pluggable.php in WordPress prior to 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote malicious users to bypass a CSRF protection mechanism via a brute-force attack.
Debian Debian Linux 7.0Wordpress Wordpress 3.9.0Wordpress Wordpress
NA
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0Wordpress Wordpress 3.0.1Wordpress Wordpress 3.0.2Wordpress Wordpress 3.0.3Wordpress Wordpress 3.3.1Wordpress Wordpress 3.3.2Wordpress Wordpress 3.3.3Wordpress Wordpress 3.4.0Wordpress Wordpress 3.0.4Wordpress Wordpress 3.0.6Wordpress Wordpress 3.2Wordpress Wordpress 3.3Wordpress Wordpress 3.4.1Wordpress Wordpress 3.5.0Wordpress Wordpress 3.8.1Wordpress WordpressWordpress Wordpress 3.1.1Wordpress Wordpress 3.1.2Wordpress Wordpress 3.1.3Wordpress Wordpress 3.1.4Wordpress Wordpress 3.6Wordpress Wordpress 3.6.1
NA
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress 3.0Wordpress Wordpress 3.0.1Wordpress Wordpress 3.0.2Wordpress Wordpress 3.3.1Wordpress Wordpress 3.3.2Wordpress Wordpress 3.3.3Wordpress Wordpress 3.4.0Wordpress Wordpress 3.1Wordpress Wordpress 3.1.1Wordpress Wordpress 3.1.2Wordpress Wordpress 3.1.3Wordpress Wordpress 3.1.4Wordpress Wordpress 3.6Wordpress Wordpress 3.6.1Wordpress Wordpress 3.7Wordpress Wordpress 3.7.1Wordpress Wordpress 3.0.4Wordpress Wordpress 3.0.6Wordpress Wordpress 3.2Wordpress Wordpress 3.3Wordpress Wordpress 3.4.1Wordpress Wordpress 3.5.0
6.1
CVSSv3
CVE-2016-1564
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress prior to 4.4.1 allow remote malicious users to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.
Wordpress Wordpress
7.4
CVSSv3
CVE-2016-2221
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress prior to 4.4.2 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsi...
Wordpress Wordpress
8.6
CVSSv3
CVE-2016-2222
The wp_http_validate_url function in wp-includes/http.php in WordPress prior to 4.4.2 allows remote malicious users to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.
Wordpress Wordpress 4.4.1
6.1
CVSSv3
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.3.1 allows remote malicious users to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
Wordpress Wordpress
NA
CVE-2015-2213
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress prior to 4.2.4 allows remote malicious users to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
Wordpress Wordpress
NA
CVE-2015-5731
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress prior to 4.2.4 allows remote malicious users to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-po...
Wordpress Wordpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook