Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 0.7 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-3853
Cross-site scripting (XSS) vulnerability in the Hybrid theme prior to 0.10 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the cpage parameter.
Themehybrid Hybrid
Themehybrid Hybrid 0.3
Themehybrid Hybrid 0.4
Themehybrid Hybrid 0.5
Themehybrid Hybrid 0.5.1
Themehybrid Hybrid 0.5.2
Themehybrid Hybrid 0.6
Themehybrid Hybrid 0.6.1
Themehybrid Hybrid 0.6.2
Themehybrid Hybrid 0.7
Themehybrid Hybrid 0.7.1
Themehybrid Hybrid 0.8
4.3
CVSSv2
CVE-2011-3863
Cross-site scripting (XSS) vulnerability in the RedLine theme prior to 1.66 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Post-scriptum Redline
Post-scriptum Redline 0.2.1
Post-scriptum Redline 0.2.2
Post-scriptum Redline 0.2.3
Post-scriptum Redline 0.2.5
Post-scriptum Redline 0.2.6
Post-scriptum Redline 0.2.7
Post-scriptum Redline 0.2.7.1
Post-scriptum Redline 0.2.9
Post-scriptum Redline 0.3
Post-scriptum Redline 0.5
Post-scriptum Redline 0.5.5
Post-scriptum Redline 0.7
Post-scriptum Redline 0.7.1
Post-scriptum Redline 0.7.5
Post-scriptum Redline 0.8
Post-scriptum Redline 0.85
Post-scriptum Redline 0.90
Post-scriptum Redline 1.0
Post-scriptum Redline 1.0.1
Post-scriptum Redline 1.0.3
Post-scriptum Redline 1.1
1 EDB exploit
4.3
CVSSv2
CVE-2010-4518
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the v1 parameter.
Wobeo Wp-safe-search 0.7
1 EDB exploit
4.3
CVSSv2
CVE-2008-5278
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress prior to 2.6.5 allows remote malicious users to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.0-platinum
Wordpress Wordpress 1.0.2-blakey
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.72
Wordpress Wordpress 2.5
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.2.0
4.3
CVSSv2
CVE-2008-3233
Cross-site scripting (XSS) vulnerability in WordPress prior to 2.6, SVN development versions only, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.0
Wordpress Wordpress 0.7
Wordpress Wordpress 0.711
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.3.1
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.6
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.9
1 EDB exploit
4.3
CVSSv2
CVE-2007-4893
wp-admin/admin-functions.php in Wordpress prior to 2.2.3 and Wordpress multi-user (MU) prior to 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2...
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1.1
4.3
CVSSv2
CVE-2007-1049
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 prior to 2.0.9 and 2.1 prior to 2.1.1 allows remote malicious users to inject arbitrary web script or HTML via the file parameter...
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
1 EDB exploit
4.3
CVSSv2
CVE-2006-1263
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress prior to 2.0.2 allow remote malicious users to inject arbitrary web script or HTML via unknown attack vectors.
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.5
Wordpress Wordpress 2.0
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.2
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.1
NA
CVE-2021-24559
The Qyrr WordPress plugin prior to 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the data_uri_to_meta AJAX action, available to all authenticated users, only had a CSRF check in place...
Patrickposner Qyrr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4