Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.6.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-5731
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress prior to 4.2.4 allows remote malicious users to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-po...
Wordpress Wordpress
NA
CVE-2015-5732
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a widget title.
Wordpress Wordpress
1 Github repository
5.4
CVSSv3
CVE-2015-7989
Cross-site scripting (XSS) vulnerability in the user list table in WordPress prior to 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
Wordpress Wordpress
2 Github repositories
NA
CVE-2015-5734
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a crafted string.
Wordpress Wordpress
5 Github repositories
NA
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-i...
Wordpress Wordpress
Debian Debian Linux 8.0
13 Github repositories
NA
CVE-2015-3440
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress prior to 4.2.1 allows remote malicious users to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Wordpress Wordpress
1 EDB exploit
14 Github repositories
NA
CVE-2015-3438
Multiple cross-site scripting (XSS) vulnerabilities in WordPress prior to 4.1.2, when MySQL is used without strict mode, allow remote malicious users to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database laye...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate 3.6.3
Adrotateplugin Adrotate 3.6.2
Adrotateplugin Adrotate 3.3
Adrotateplugin Adrotate 3.2.2
Adrotateplugin Adrotate 3.0.1
Adrotateplugin Adrotate 3.0
Adrotateplugin Adrotate 2.4.1
Adrotateplugin Adrotate 2.4
Adrotateplugin Adrotate 1.0
Adrotateplugin Adrotate 0.8
Adrotateplugin Adrotate 0.2
Adrotateplugin Adrotate 0.1
Adrotateplugin Adrotate
Adrotateplugin Adrotate 3.6.6
Adrotateplugin Adrotate 3.5.1
Adrotateplugin Adrotate 3.5
Adrotateplugin Adrotate 3.1.1
Adrotateplugin Adrotate 3.1
Adrotateplugin Adrotate 2.5
Adrotateplugin Adrotate 2.4.4
Adrotateplugin Adrotate 2.2
Adrotateplugin Adrotate 2.1
2 EDB exploits
NA
CVE-2011-3850
Cross-site scripting (XSS) vulnerability in the Atahualpa theme prior to 3.6.8 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Bytesforall Atahualpa
Bytesforall Atahualpa 2.0
Bytesforall Atahualpa 2.01
Bytesforall Atahualpa 2.2
Bytesforall Atahualpa 2.21
Bytesforall Atahualpa 3.1
Bytesforall Atahualpa 3.1.1
Bytesforall Atahualpa 3.1.2
Bytesforall Atahualpa 3.1.3
Bytesforall Atahualpa 3.1.4
Bytesforall Atahualpa 3.1.5
Bytesforall Atahualpa 3.1.6
Bytesforall Atahualpa 3.1.8
Bytesforall Atahualpa 3.1.9
Bytesforall Atahualpa 3.2
Bytesforall Atahualpa 3.4
Bytesforall Atahualpa 3.4.01
Bytesforall Atahualpa 3.4.1
Bytesforall Atahualpa 3.4.3
Bytesforall Atahualpa 3.4.4
Bytesforall Atahualpa 3.4.5
Bytesforall Atahualpa 3.4.6
1 EDB exploit
NA
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 3.4.2
Kolja Schleich Leaguemanager 3.1.7
Kolja Schleich Leaguemanager 3.1.6
Kolja Schleich Leaguemanager 3.1.5
Kolja Schleich Leaguemanager 3.1.4
Kolja Schleich Leaguemanager 2.9
Kolja Schleich Leaguemanager 2.8
Kolja Schleich Leaguemanager 2.7.1
Kolja Schleich Leaguemanager 2.1
Kolja Schleich Leaguemanager 2.0
Kolja Schleich Leaguemanager 1.5
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.6.5
Kolja Schleich Leaguemanager 3.6
Kolja Schleich Leaguemanager 3.5.5
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »