Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.7 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43504
Improper authentication vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all ve...
Wordpress Wordpress
383
VMScore
CVE-2019-20042
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions fr...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
446
VMScore
CVE-2019-20043
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such ...
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2023-25972
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <= 3.7 versions.
Iksweb Wordpress Ctapt
383
VMScore
CVE-2012-2912
Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php...
Kolja Schleich Leaguemanager 3.7
755
VMScore
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 3.4.2
Kolja Schleich Leaguemanager 3.1.7
Kolja Schleich Leaguemanager 3.1.6
Kolja Schleich Leaguemanager 3.1.5
Kolja Schleich Leaguemanager 3.1.4
Kolja Schleich Leaguemanager 2.9
Kolja Schleich Leaguemanager 2.8
Kolja Schleich Leaguemanager 2.7.1
Kolja Schleich Leaguemanager 2.1
Kolja Schleich Leaguemanager 2.0
Kolja Schleich Leaguemanager 1.5
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.6.5
Kolja Schleich Leaguemanager 3.6
Kolja Schleich Leaguemanager 3.5.5
1 EDB exploit
1 Github repository
383
VMScore
CVE-2013-5711
Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin prior to 3.7 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the step parameter.
Slickremix Design Approval System Plugin 2.6
Slickremix Design Approval System Plugin 2.5
Slickremix Design Approval System Plugin 2.4
Slickremix Design Approval System Plugin 2.3
Slickremix Design Approval System Plugin 3.4
Slickremix Design Approval System Plugin 3.3
Slickremix Design Approval System Plugin 3.2
Slickremix Design Approval System Plugin 3.1
Slickremix Design Approval System Plugin 1.8
Slickremix Design Approval System Plugin 1.7
Slickremix Design Approval System Plugin 1.6
Slickremix Design Approval System Plugin 1.5
Slickremix Design Approval System Plugin 1.4
Slickremix Design Approval System Plugin 3.5
Slickremix Design Approval System Plugin 3.0
Slickremix Design Approval System Plugin 2.8
Slickremix Design Approval System Plugin 2.1
Slickremix Design Approval System Plugin 1.9
Slickremix Design Approval System Plugin 1.2
Slickremix Design Approval System Plugin 1.0
Slickremix Design Approval System Plugin
Slickremix Design Approval System Plugin 2.9
685
VMScore
CVE-2014-4717
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin prior to 4.5 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba...
Sharethis Simple Share Buttons Adder 2.2
Sharethis Simple Share Buttons Adder 2.0
Sharethis Simple Share Buttons Adder 1.0
Sharethis Simple Share Buttons Adder 3.2
Sharethis Simple Share Buttons Adder 3.9
Sharethis Simple Share Buttons Adder 3.8
Sharethis Simple Share Buttons Adder 1.5
Sharethis Simple Share Buttons Adder 2.3
Sharethis Simple Share Buttons Adder 1.1
Sharethis Simple Share Buttons Adder 3.1
Sharethis Simple Share Buttons Adder 3.0
Sharethis Simple Share Buttons Adder 2.9
Sharethis Simple Share Buttons Adder 1.3
Sharethis Simple Share Buttons Adder 4.1
Sharethis Simple Share Buttons Adder 4.0
Sharethis Simple Share Buttons Adder 2.4
Sharethis Simple Share Buttons Adder
Sharethis Simple Share Buttons Adder 4.2
Sharethis Simple Share Buttons Adder 3.5
Sharethis Simple Share Buttons Adder 2.8
Sharethis Simple Share Buttons Adder 2.6
Sharethis Simple Share Buttons Adder 1.9
1 EDB exploit
NA
CVE-2023-4549
The DoLogin Security WordPress plugin prior to 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by malicious users to conduct Stored XSS attacks via WordPress' login form.
Wpdo5ea Dologin Security
1 Github repository
383
VMScore
CVE-2011-5104
Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote malicious users to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obt...
Getshopped Wp E-commerce 3.8.6
Getshopped Wp E-commerce 3.8.5
Getshopped Wp E-commerce 3.8
Getshopped Wp E-commerce 3.7.8.1
Getshopped Wp E-commerce 3.7.8
Getshopped Wp E-commerce 3.7.7
Getshopped Wp E-commerce 3.7.6.2
Getshopped Wp E-commerce 3.7.6.1
Getshopped Wp E-commerce 3.7
Getshopped Wp E-commerce 3.7.5.3
Getshopped Wp E-commerce 3.7.5
Getshopped Wp E-commerce 3.6.13
Getshopped Wp E-commerce 3.6.12
Getshopped Wp E-commerce 3.8.4
Getshopped Wp E-commerce 3.8.3
Getshopped Wp E-commerce 3.7.6.9
Getshopped Wp E-commerce 3.7.6.7
Getshopped Wp E-commerce 3.7.6
Getshopped Wp E-commerce 3.7.5.2
Getshopped Wp E-commerce 3.7.5.1
Getshopped Wp E-commerce 3.7.4
Getshopped Wp E-commerce 3.6.11
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »