Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

wordpress wordpress 3.5.1 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2014-8605
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to a backup file in admin...
Xcloner Xcloner 3.1.1Xcloner Xcloner 3.5.1
NA
CVE-2014-8606
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.
Xcloner Xcloner 3.1.1Xcloner Xcloner 3.5.1
NA
CVE-2014-8607
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.
Xcloner Xcloner 3.1.1Xcloner Xcloner 3.5.1
8.8
CVSSv3
CVE-2015-5483
Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors...
Private Only Project Private Only 3.5.1
7.5
CVSSv3
CVE-2018-15818
An issue exists in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.
Reputeinfosystems Repute Arforms
5.4
CVSSv3
CVE-2018-20368
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.
Averta Master Slider 3.5.1Averta Master Slider 3.2.7
NA
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate 3.6.3Adrotateplugin Adrotate 3.6.2Adrotateplugin Adrotate 3.3Adrotateplugin Adrotate 3.2.2Adrotateplugin Adrotate 3.0.1Adrotateplugin Adrotate 3.0Adrotateplugin Adrotate 2.4.1Adrotateplugin Adrotate 2.4Adrotateplugin Adrotate 1.0Adrotateplugin Adrotate 0.8Adrotateplugin Adrotate 0.2Adrotateplugin Adrotate 0.1Adrotateplugin AdrotateAdrotateplugin Adrotate 3.6.6Adrotateplugin Adrotate 3.5.1Adrotateplugin Adrotate 3.5Adrotateplugin Adrotate 3.1.1Adrotateplugin Adrotate 3.1Adrotateplugin Adrotate 2.5Adrotateplugin Adrotate 2.4.4Adrotateplugin Adrotate 2.2Adrotateplugin Adrotate 2.1
NA
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich LeaguemanagerKolja Schleich Leaguemanager 3.7Kolja Schleich Leaguemanager 3.6.9Kolja Schleich Leaguemanager 3.5.2Kolja Schleich Leaguemanager 3.5.1Kolja Schleich Leaguemanager 3.5Kolja Schleich Leaguemanager 3.4.2Kolja Schleich Leaguemanager 3.1.7Kolja Schleich Leaguemanager 3.1.6Kolja Schleich Leaguemanager 3.1.5Kolja Schleich Leaguemanager 3.1.4Kolja Schleich Leaguemanager 2.9Kolja Schleich Leaguemanager 2.8Kolja Schleich Leaguemanager 2.7.1Kolja Schleich Leaguemanager 2.1Kolja Schleich Leaguemanager 2.0Kolja Schleich Leaguemanager 1.5Kolja Schleich Leaguemanager 1.4.2Kolja Schleich Leaguemanager 3.6.7Kolja Schleich Leaguemanager 3.6.5Kolja Schleich Leaguemanager 3.6Kolja Schleich Leaguemanager 3.5.5
4.8
CVSSv3
CVE-2022-2118
The 404s WordPress plugin prior to 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Tooltulips 404s
NA
CVE-2010-4403
The Register Plus plugin 3.5.1 and previous versions for WordPress allows remote malicious users to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.
Devbits Register-plus 3.4Devbits Register-plus 3.3Devbits Register-plus 2.7Devbits Register-plus 2.6Devbits Register-plus 1.2Devbits Register-plus 1.1Devbits Register-plus 3.5Devbits Register-plus 3.4.1Devbits Register-plus 3.0Devbits Register-plus 2.9Devbits Register-plus 2.8Devbits Register-plus 2.1Devbits Register-plus 2.0Devbits Register-plus 3.2Devbits Register-plus 3.1Devbits Register-plus 2.5Devbits Register-plus 2.4Devbits Register-plusDevbits Register-plus 3.0.2Devbits Register-plus 3.0.1Devbits Register-plus 2.3Devbits Register-plus 2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook