Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.6 vulnerabilities and exploits
(subscribe to this query)
355
VMScore
CVE-2018-10309
The Responsive Cookie Consent plugin prior to 1.8 for WordPress mishandles number fields, leading to XSS.
Responsive Cookie Consent Project Responsive Cookie Consent
1 EDB exploit
383
VMScore
CVE-2014-1888
Cross-site scripting (XSS) vulnerability in the BuddyPress plugin prior to 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by le...
Buddypress Buddypress
Buddypress Buddypress 1.8.1
Buddypress Buddypress 1.6.3
Buddypress Buddypress 1.6.2
Buddypress Buddypress 1.5.5
Buddypress Buddypress 1.5.6
Buddypress Buddypress 1.7
Buddypress Buddypress 1.6.5
Buddypress Buddypress 1.6.4
Buddypress Buddypress 1.5.3.1
Buddypress Buddypress 1.5.4
Buddypress Buddypress 1.7.2
Buddypress Buddypress 1.7.1
Buddypress Buddypress 1.5.2
Buddypress Buddypress 1.5.3
Buddypress Buddypress 1.6.1
Buddypress Buddypress 1.8
Buddypress Buddypress 1.7.3
Buddypress Buddypress 1.5
Buddypress Buddypress 1.5.1
Buddypress Buddypress 1.5.7
Buddypress Buddypress 1.6
755
VMScore
CVE-2009-3703
Multiple SQL injection vulnerabilities in the WP-Forum plugin prior to 2.4 for WordPress allow remote malicious users to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an ...
Fahlstad Wp-forum 1.7.4
Fahlstad Wp-forum 2.1
Fahlstad Wp-forum 1.6
Fahlstad Wp-forum 1.5
Fahlstad Wp-forum 1.8
Fahlstad Wp-forum
Fahlstad Wp-forum 1.7.3
Fahlstad Wp-forum 1.7
Fahlstad Wp-forum 1.7.8
Fahlstad Wp-forum 2.0
1 EDB exploit
755
VMScore
CVE-2012-6625
SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin prior to 1.7.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the groupid parameter in an editgroup action.
Vasthtml Forumpress 1.2
Vasthtml Forumpress 1.3
Vasthtml Forumpress 1.5.1
Vasthtml Forumpress 1.6.4
Vasthtml Forumpress 1.6.5
Vasthtml Forumpress 1.7.2
Vasthtml Forumpress 1.7.3
Vasthtml Forumpress 1.5.2
Vasthtml Forumpress 1.6.8
Vasthtml Forumpress 1.6.9
Vasthtml Forumpress 1.4
Vasthtml Forumpress 1.5
Vasthtml Forumpress 1.6.6
Vasthtml Forumpress 1.6.7
Vasthtml Forumpress
Vasthtml Forumpress 1.0
Vasthtml Forumpress 1.1
Vasthtml Forumpress 1.6
Vasthtml Forumpress 1.6.2
Vasthtml Forumpress 1.6.3
Vasthtml Forumpress 1.7
Vasthtml Forumpress 1.7.1
1 EDB exploit
435
VMScore
CVE-2011-3860
Cross-site scripting (XSS) vulnerability in the Cover WP theme prior to 1.6.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Onedesigns Cover Wp
Onedesigns Cover Wp 1.1
Onedesigns Cover Wp 1.2
Onedesigns Cover Wp 1.3
Onedesigns Cover Wp 1.4
Onedesigns Cover Wp 1.4.1
Onedesigns Cover Wp 1.5
Onedesigns Cover Wp 1.5.1
Onedesigns Cover Wp 1.5.2
Onedesigns Cover Wp 1.5.3
Onedesigns Cover Wp 1.5.4
Onedesigns Cover Wp 1.5.5
Onedesigns Cover Wp 1.5.6
Onedesigns Cover Wp 1.5.7
Onedesigns Cover Wp 1.5.8
Onedesigns Cover Wp 1.5.9
Onedesigns Cover Wp 1.6
Onedesigns Cover Wp 1.6.1
Onedesigns Cover Wp 1.6.2
Onedesigns Cover Wp 1.6.3
Onedesigns Cover Wp 1.6.4
1 EDB exploit
NA
CVE-2023-1403
The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to ...
Weavertheme Weaver Xtreme Theme
NA
CVE-2023-1404
The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions ...
Weavertheme Weaver Show Posts
685
VMScore
CVE-2013-4240
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin prior to 2.0.11 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2)...
Hitmyserver Hms Testimonials 2.0.7
Hitmyserver Hms Testimonials 2.0.6
Hitmyserver Hms Testimonials 2.0.5
Hitmyserver Hms Testimonials 2.0.4
Hitmyserver Hms Testimonials 1.3
Hitmyserver Hms Testimonials 1.2
Hitmyserver Hms Testimonials 1.1
Hitmyserver Hms Testimonials 2.0.9
Hitmyserver Hms Testimonials 2.0.2
Hitmyserver Hms Testimonials 2.0
Hitmyserver Hms Testimonials 1.6
Hitmyserver Hms Testimonials 1.4.1
Hitmyserver Hms Testimonials 1.7.1
Hitmyserver Hms Testimonials 1.7
Hitmyserver Hms Testimonials 1.6.2
Hitmyserver Hms Testimonials 1.6.1
Hitmyserver Hms Testimonials
Hitmyserver Hms Testimonials 2.0.8
Hitmyserver Hms Testimonials 2.0.3
Hitmyserver Hms Testimonials 2.0.1
Hitmyserver Hms Testimonials 1.5
Hitmyserver Hms Testimonials 1.4
1 EDB exploit
435
VMScore
CVE-2012-2572
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin prior to 1.16 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the Subject of an email.
Mindreantre Threewp Email Reflector 1.12
Mindreantre Threewp Email Reflector 1.11
Mindreantre Threewp Email Reflector 1.4
Mindreantre Threewp Email Reflector 1.3
Mindreantre Threewp Email Reflector 1.10
Mindreantre Threewp Email Reflector 1.9
Mindreantre Threewp Email Reflector 1.2
Mindreantre Threewp Email Reflector 1.1
Mindreantre Threewp Email Reflector
Mindreantre Threewp Email Reflector 1.8
Mindreantre Threewp Email Reflector 1.7
Mindreantre Threewp Email Reflector 1.0
Mindreantre Threewp Email Reflector 1.14
Mindreantre Threewp Email Reflector 1.13
Mindreantre Threewp Email Reflector 1.6
Mindreantre Threewp Email Reflector 1.5
1 EDB exploit
435
VMScore
CVE-2011-3863
Cross-site scripting (XSS) vulnerability in the RedLine theme prior to 1.66 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Post-scriptum Redline
Post-scriptum Redline 0.2.1
Post-scriptum Redline 0.2.2
Post-scriptum Redline 0.2.3
Post-scriptum Redline 0.2.5
Post-scriptum Redline 0.2.6
Post-scriptum Redline 0.2.7
Post-scriptum Redline 0.2.7.1
Post-scriptum Redline 0.2.9
Post-scriptum Redline 0.3
Post-scriptum Redline 0.5
Post-scriptum Redline 0.5.5
Post-scriptum Redline 0.7
Post-scriptum Redline 0.7.1
Post-scriptum Redline 0.7.5
Post-scriptum Redline 0.8
Post-scriptum Redline 0.85
Post-scriptum Redline 0.90
Post-scriptum Redline 1.0
Post-scriptum Redline 1.0.1
Post-scriptum Redline 1.0.3
Post-scriptum Redline 1.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »