Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.6.5 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-18524
The football-pool plugin prior to 2.6.5 for WordPress has multiple XSS issues.
Football Pool Project Football Pool
445
VMScore
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.6.14
Wp-rocket Wp-rocket 2.0.4
Wp-rocket Wp-rocket 2.5.9
Wp-rocket Wp-rocket 2.0.0
Wp-rocket Wp-rocket 2.9.1
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.7.0
Wp-rocket Wp-rocket 2.8.5
Wp-rocket Wp-rocket 2.10.0
Wp-rocket Wp-rocket 2.3.9
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.8.11
Wp-rocket Wp-rocket 2.3.5
Wp-rocket Wp-rocket 2.9.6
Wp-rocket Wp-rocket 2.5.10
Wp-rocket Wp-rocket 2.6.9
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.8.3
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.6.13
Wp-rocket Wp-rocket 2.8.23
Wp-rocket Wp-rocket 2.6.6
445
VMScore
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 1.1
Wpdownloadmanager Wordpress Download Manager 1.2
Wpdownloadmanager Wordpress Download Manager 1.2.1
Wpdownloadmanager Wordpress Download Manager 1.2.2
Wpdownloadmanager Wordpress Download Manager 1.2.3
Wpdownloadmanager Wordpress Download Manager 1.2.4
Wpdownloadmanager Wordpress Download Manager 1.2.5
Wpdownloadmanager Wordpress Download Manager 1.3
Wpdownloadmanager Wordpress Download Manager 1.4
Wpdownloadmanager Wordpress Download Manager 1.5
Wpdownloadmanager Wordpress Download Manager 1.5.1
Wpdownloadmanager Wordpress Download Manager 1.5.2
Wpdownloadmanager Wordpress Download Manager 1.5.3
Wpdownloadmanager Wordpress Download Manager 1.5.9
Wpdownloadmanager Wordpress Download Manager 1.5.32
Wpdownloadmanager Wordpress Download Manager 1.5.33
Wpdownloadmanager Wordpress Download Manager 2.0.1
Wpdownloadmanager Wordpress Download Manager 2.0.2
Wpdownloadmanager Wordpress Download Manager 2.0.3
Wpdownloadmanager Wordpress Download Manager 2.0.4
Wpdownloadmanager Wordpress Download Manager 2.0.5
Wpdownloadmanager Wordpress Download Manager 2.0.6
605
VMScore
CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.11 for WordPress allows remote malicious users to hijack the authentication of arbitrary users.
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
668
VMScore
CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.8 for WordPress has unspecified impact and attack vectors.
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
755
VMScore
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
Mailpoet Mailpoet Newsletters 2.0.5
1 EDB exploit
383
VMScore
CVE-2014-4513
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parame...
Activehelper Activehelper Livehelp Live Chat 2.9.0
Activehelper Activehelper Livehelp Live Chat 2.6.2
Activehelper Activehelper Livehelp Live Chat 2.7.5
Activehelper Activehelper Livehelp Live Chat 2.7.3
Activehelper Activehelper Livehelp Live Chat 3.0.0
Activehelper Activehelper Livehelp Live Chat 2.7.0
Activehelper Activehelper Livehelp Live Chat 2.9.1
Activehelper Activehelper Livehelp Live Chat 2.6.0
Activehelper Activehelper Livehelp Live Chat 2.7.4
Activehelper Activehelper Livehelp Live Chat 2.6.1
Activehelper Activehelper Livehelp Live Chat 2.6.7
Activehelper Activehelper Livehelp Live Chat 2.9.2
Activehelper Activehelper Livehelp Live Chat 2.6.5
Activehelper Activehelper Livehelp Live Chat 2.9.5
Activehelper Activehelper Livehelp Live Chat
356
VMScore
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 3.6.1
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 3.7
Wordpress Wordpress 1.6.2
Wordpress Wordpress 3.5.0
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
570
VMScore
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 3.6.1
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 3.7
Wordpress Wordpress 1.6.2
Wordpress Wordpress 3.5.0
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
1 Github repository
516
VMScore
CVE-2010-5293
wp-includes/comment.php in WordPress prior to 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote malicious users to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.6.3
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.8.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »