Vulmon
wordpress wordpress 4.1.2 vulnerabilities and exploits
NA
CVE-2015-3438
Multiple cross-site scripting (XSS) vulnerabilities in WordPress prior to 4.1.2, when MySQL is used without strict mode, allow remote malicious users to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database laye...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2015-3440
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress prior to 4.2.1 allows remote malicious users to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress
1 EDB exploit
14 Github repositories
8.8
CVSSv3
CVE-2022-2557
The Team WordPress plugin prior to 4.1.2 contains a file which could allow any authenticated user to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user.
Radiustheme Team - Wordpress Team Members Showcase
NA
CVE-2013-1636
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin prior to 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 up to and including 4.2.9 and 4.3.0 u...
Blair Williams Pretty Link Lite 1.6.1
Blair Williams Pretty Link Lite 1.6.0
Blair Williams Pretty Link Lite
Joobi Com Jnews 8.0.1
Civicrm Civicrm 3.1.3
Civicrm Civicrm 4.2.5
Civicrm Civicrm 3.1.0
Civicrm Civicrm 4.1.2
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.1.4
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.1.1
Civicrm Civicrm 4.2.7
Civicrm Civicrm 3.4.0
Civicrm Civicrm 4.3.0
Civicrm Civicrm 3.3.1
Civicrm Civicrm 3.1.1
Civicrm Civicrm 3.3.0
Civicrm Civicrm 3.2.4
Civicrm Civicrm 3.2.1
Civicrm Civicrm 3.2.3
Civicrm Civicrm 3.3.5
1 EDB exploit
NA
CVE-2008-4107
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows malicious users to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset funct...
Php Php 4.3.9
Php Php 4.0
Php Php 4.2.0
Php Php 4.4.4
Php Php 4.1.0
Php Php 4.3.4
Php Php 4.3.0
Php Php 4.0.5
Php Php 4.3.6
Php Php 4.0.7
Php Php 4.3.7
Php Php 4.2.2
Php Php 4.4.2
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.0.0
Php Php 4.0.3
Php Php 4.0.2
Php Php 4.3.3
Php Php 4.1.1
Php Php 4.4.3
Php Php 4.2.3
8.8
CVSSv3
CVE-2023-22672
Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.
Vibethemes Vslider
4.8
CVSSv3
CVE-2023-25797
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.
Vslider Multi Image Slider Project Vslider Multi Image Slider
8.8
CVSSv3
CVE-2017-18597
The jtrt-responsive-tables plugin prior to 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.
Jtrt Responsive Tables Project Jtrt Responsive Tables
8.8
CVSSv3
CVE-2024-5326
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This ma...
2 Github repositories
5.4
CVSSv3
CVE-2022-4754
The Easy Social Box / Page Plugin WordPress plugin up to and including 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perfo...
Easy Social Box Project Easy Social Box