Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.7.5 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2017-17091
wp-admin/user-new.php in WordPress prior to 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote malicious users to bypass intended access restrictions by entering this string.
Wordpress Wordpress
2 Github repositories
7.5
CVSSv2
CVE-2017-16510
WordPress prior to 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-1...
Wordpress Wordpress
6.8
CVSSv2
CVE-2019-9787
WordPress prior to 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectl...
Wordpress Wordpress
10 Github repositories
4.3
CVSSv2
CVE-2017-8295
WordPress up to and including 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote malicious users to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message t...
Wordpress Wordpress
1 EDB exploit
8 Github repositories
3.5
CVSSv2
CVE-2019-16780
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authe...
Wordpress Wordpress 3.7
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
3.5
CVSSv2
CVE-2020-11026
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with ...
Wordpress Wordpress 5.4
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2020-11029
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3...
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Wordpress Wordpress 5.4
Wordpress Wordpress
5.5
CVSSv2
CVE-2020-11027
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with al...
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Wordpress Wordpress 5.4
Wordpress Wordpress
5
CVSSv2
CVE-2017-9062
In WordPress prior to 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2017-9063
In WordPress prior to 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »