Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-9035
Cross-site scripting (XSS) vulnerability in Press This in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.2
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2014-9037
WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.8
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
NA
CVE-2014-9039
wp-login.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.4
NA
CVE-2014-7152
Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 up to and including 5.0.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.
Mailchimp Easy Mailchimp Forms Plugin 5.0.6
Mailchimp Easy Mailchimp Forms Plugin 5.0.5
Mailchimp Easy Mailchimp Forms Plugin 5.0.3
Mailchimp Easy Mailchimp Forms Plugin 4.2
Mailchimp Easy Mailchimp Forms Plugin 4.0
Mailchimp Easy Mailchimp Forms Plugin 5.0.1
Mailchimp Easy Mailchimp Forms Plugin 5.0
Mailchimp Easy Mailchimp Forms Plugin 4.4
Mailchimp Easy Mailchimp Forms Plugin 4.3
Mailchimp Easy Mailchimp Forms Plugin 5.0.4
Mailchimp Easy Mailchimp Forms Plugin 5.0.2
Mailchimp Easy Mailchimp Forms Plugin 4.2.1
Mailchimp Easy Mailchimp Forms Plugin 4.1
Mailchimp Easy Mailchimp Forms Plugin 3.0
NA
CVE-2014-5183
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin prior to 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php.
Simple Retail Menus Plugin Project Simple-retail-menus
Simple Retail Menus Plugin Project Simple-retail-menus 4.0
NA
CVE-2014-4717
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin prior to 4.5 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba...
Sharethis Simple Share Buttons Adder 2.2
Sharethis Simple Share Buttons Adder 2.0
Sharethis Simple Share Buttons Adder 1.0
Sharethis Simple Share Buttons Adder 3.2
Sharethis Simple Share Buttons Adder 3.9
Sharethis Simple Share Buttons Adder 3.8
Sharethis Simple Share Buttons Adder 1.5
Sharethis Simple Share Buttons Adder 2.3
Sharethis Simple Share Buttons Adder 1.1
Sharethis Simple Share Buttons Adder 3.1
Sharethis Simple Share Buttons Adder 3.0
Sharethis Simple Share Buttons Adder 2.9
Sharethis Simple Share Buttons Adder 1.3
Sharethis Simple Share Buttons Adder 4.1
Sharethis Simple Share Buttons Adder 4.0
Sharethis Simple Share Buttons Adder 2.4
Sharethis Simple Share Buttons Adder
Sharethis Simple Share Buttons Adder 4.2
Sharethis Simple Share Buttons Adder 3.5
Sharethis Simple Share Buttons Adder 2.8
Sharethis Simple Share Buttons Adder 2.6
Sharethis Simple Share Buttons Adder 1.9
1 EDB exploit
NA
CVE-2013-1949
Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote malicious users to force the upload of arbitrary files.
Blinkwebeffects Social-media-widget 4.0
NA
CVE-2011-3854
Cross-site scripting (XSS) vulnerability in the ZenLite theme prior to 4.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Quirm Zenlite
Quirm Zenlite 1.0
Quirm Zenlite 1.1
Quirm Zenlite 1.2
Quirm Zenlite 1.3
Quirm Zenlite 2.0
Quirm Zenlite 2.1
Quirm Zenlite 2.2
Quirm Zenlite 2.4
Quirm Zenlite 2.5
Quirm Zenlite 2.6
Quirm Zenlite 2.7
Quirm Zenlite 3.0
Quirm Zenlite 3.1
Quirm Zenlite 3.2
Quirm Zenlite 3.3
Quirm Zenlite 3.4
Quirm Zenlite 3.5
Quirm Zenlite 3.51
Quirm Zenlite 3.52
Quirm Zenlite 3.60
Quirm Zenlite 3.61
NA
CVE-2008-4796
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and previous versions, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote malicious users to execute arbitrary commands vi...
Snoopy Project Snoopy
Debian Debian Linux 4.0
Debian Debian Linux 5.0
Nagios Nagios
Wordpress Wordpress
NA
CVE-2008-4107
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows malicious users to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset funct...
Php Php 4.4.7
Php Php 4.3.9
Php Php 4.3.8
Php Php 4.3.11
Php Php 4.3.10
Php Php 4.2.1
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.3
Php Php 4.4.6
Php Php 4.4.5
Php Php 4.3.7
Php Php 4.3.6
Php Php 4.3.1
Php Php 4.3.0
Php Php 4.1.0
Php Php 4.1.2
Php Php 4.0.7
Php Php 4.0.2
Php Php 4.0.1
Php Php 4.4.1
Php Php 4.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3