Vulmon
wordpress wordpress 4.7.5 vulnerabilities and exploits
580
VMScore
CVE-2017-17091
wp-admin/user-new.php in WordPress prior to 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote malicious users to bypass intended access restrictions by entering this string.
Wordpress Wordpress
2 Github repositories
670
VMScore
CVE-2017-16510
WordPress prior to 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-1...
Wordpress Wordpress
608
VMScore
CVE-2019-9787
WordPress prior to 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectl...
Wordpress Wordpress
10 Github repositories
437
VMScore
CVE-2017-8295
WordPress up to and including 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote malicious users to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message t...
Wordpress Wordpress
1 EDB exploit
8 Github repositories
312
VMScore
CVE-2019-16780
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authe...
Wordpress Wordpress 3.7
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
312
VMScore
CVE-2020-11026
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with ...
Wordpress Wordpress 5.4
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
384
VMScore
CVE-2020-11029
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3...
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Wordpress Wordpress 5.4
Wordpress Wordpress
490
VMScore
CVE-2020-11027
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with al...
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Wordpress Wordpress 5.4
Wordpress Wordpress
446
VMScore
CVE-2017-9062
In WordPress prior to 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
384
VMScore
CVE-2017-9063
In WordPress prior to 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0