Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.6.1 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2015-5715
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress prior to 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
Wordpress Wordpress
7 Github repositories
6.8
CVSSv2
CVE-2015-5731
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress prior to 4.2.4 allows remote malicious users to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-po...
Wordpress Wordpress
4.3
CVSSv2
CVE-2015-5732
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a widget title.
Wordpress Wordpress
1 Github repository
4.3
CVSSv2
CVE-2015-5734
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a crafted string.
Wordpress Wordpress
5 Github repositories
3.5
CVSSv2
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-i...
Wordpress Wordpress
Debian Debian Linux 8.0
13 Github repositories
4.3
CVSSv2
CVE-2015-3440
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress prior to 4.2.1 allows remote malicious users to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Wordpress Wordpress
1 EDB exploit
14 Github repositories
4.3
CVSSv2
CVE-2015-3438
Multiple cross-site scripting (XSS) vulnerabilities in WordPress prior to 4.1.2, when MySQL is used without strict mode, allow remote malicious users to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database laye...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 7.0
7.5
CVSSv2
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate 3.6.3
Adrotateplugin Adrotate 3.6.2
Adrotateplugin Adrotate 3.3
Adrotateplugin Adrotate 3.2.2
Adrotateplugin Adrotate 3.0.1
Adrotateplugin Adrotate 3.0
Adrotateplugin Adrotate 2.4.1
Adrotateplugin Adrotate 2.4
Adrotateplugin Adrotate 1.0
Adrotateplugin Adrotate 0.8
Adrotateplugin Adrotate 0.2
Adrotateplugin Adrotate 0.1
Adrotateplugin Adrotate
Adrotateplugin Adrotate 3.6.6
Adrotateplugin Adrotate 3.5.1
Adrotateplugin Adrotate 3.5
Adrotateplugin Adrotate 3.1.1
Adrotateplugin Adrotate 3.1
Adrotateplugin Adrotate 2.5
Adrotateplugin Adrotate 2.4.4
Adrotateplugin Adrotate 2.2
Adrotateplugin Adrotate 2.1
2 EDB exploits
4.3
CVSSv2
CVE-2011-3850
Cross-site scripting (XSS) vulnerability in the Atahualpa theme prior to 3.6.8 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Bytesforall Atahualpa
Bytesforall Atahualpa 2.0
Bytesforall Atahualpa 2.01
Bytesforall Atahualpa 2.2
Bytesforall Atahualpa 2.21
Bytesforall Atahualpa 3.1
Bytesforall Atahualpa 3.1.1
Bytesforall Atahualpa 3.1.2
Bytesforall Atahualpa 3.1.3
Bytesforall Atahualpa 3.1.4
Bytesforall Atahualpa 3.1.5
Bytesforall Atahualpa 3.1.6
Bytesforall Atahualpa 3.1.8
Bytesforall Atahualpa 3.1.9
Bytesforall Atahualpa 3.2
Bytesforall Atahualpa 3.4
Bytesforall Atahualpa 3.4.01
Bytesforall Atahualpa 3.4.1
Bytesforall Atahualpa 3.4.3
Bytesforall Atahualpa 3.4.4
Bytesforall Atahualpa 3.4.5
Bytesforall Atahualpa 3.4.6
1 EDB exploit
7.5
CVSSv2
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 3.4.2
Kolja Schleich Leaguemanager 3.1.7
Kolja Schleich Leaguemanager 3.1.6
Kolja Schleich Leaguemanager 3.1.5
Kolja Schleich Leaguemanager 3.1.4
Kolja Schleich Leaguemanager 2.9
Kolja Schleich Leaguemanager 2.8
Kolja Schleich Leaguemanager 2.7.1
Kolja Schleich Leaguemanager 2.1
Kolja Schleich Leaguemanager 2.0
Kolja Schleich Leaguemanager 1.5
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.6.5
Kolja Schleich Leaguemanager 3.6
Kolja Schleich Leaguemanager 3.5.5
1 EDB exploit
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »