Vulmon
wordpress wordpress 2.0.3 vulnerabilities and exploits
NA
CVE-2008-0194
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and previous versions allows remote malicious users to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to w...
Wordpress Wordpress
NA
CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress prior to 2.2 allows remote malicious users to execute arbitrary SQL commands via the cookie parameter.
Wordpress Wordpress
1 EDB exploit
1 Github repository
NA
CVE-2014-4576
Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the xhrurl parameter.
Wordpress Social Login Project Wordpress Social Login
NA
CVE-2007-3238
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. ...
Wordpress Wordpress 2.2
4.8
CVSSv3
CVE-2023-4636
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admi...
Userprivatefiles Wordpress File Sharing Plugin
1 Github repository
NA
CVE-2013-4240
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin prior to 2.0.11 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2)...
Hitmyserver Hms Testimonials 1.1
Hitmyserver Hms Testimonials 1.2
Hitmyserver Hms Testimonials 1.3
Hitmyserver Hms Testimonials 1.4
Hitmyserver Hms Testimonials 1.4.1
Hitmyserver Hms Testimonials 1.5
Hitmyserver Hms Testimonials 1.6
Hitmyserver Hms Testimonials 1.6.1
Hitmyserver Hms Testimonials 1.6.2
Hitmyserver Hms Testimonials 1.7
Hitmyserver Hms Testimonials 1.7.1
Hitmyserver Hms Testimonials 2.0
Hitmyserver Hms Testimonials 2.0.1
Hitmyserver Hms Testimonials 2.0.2
Hitmyserver Hms Testimonials 2.0.3
Hitmyserver Hms Testimonials 2.0.4
Hitmyserver Hms Testimonials 2.0.5
Hitmyserver Hms Testimonials 2.0.6
Hitmyserver Hms Testimonials 2.0.7
Hitmyserver Hms Testimonials 2.0.8
Hitmyserver Hms Testimonials 2.0.9
Hitmyserver Hms Testimonials
1 EDB exploit
NA
CVE-2013-1408
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin prior to 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CS...
Wysija Newsletters Project Wysija Newsletters 2.1.2
Wysija Newsletters Project Wysija Newsletters 2.0.8
Wysija Newsletters Project Wysija Newsletters 2.1.5
Wysija Newsletters Project Wysija Newsletters 2.0.2
Wysija Newsletters Project Wysija Newsletters 2.0.1
Wysija Newsletters Project Wysija Newsletters 2.0.5
Wysija Newsletters Project Wysija Newsletters 2.0.3
Wysija Newsletters Project Wysija Newsletters 2.0.9.5
Wysija Newsletters Project Wysija Newsletters 2.1.7
Wysija Newsletters Project Wysija Newsletters 2.1.1
Wysija Newsletters Project Wysija Newsletters 2.0
Wysija Newsletters Project Wysija Newsletters
Wysija Newsletters Project Wysija Newsletters 2.0.6
Wysija Newsletters Project Wysija Newsletters 2.1.8
Wysija Newsletters Project Wysija Newsletters 2.1.4
Wysija Newsletters Project Wysija Newsletters 2.0.7
Wysija Newsletters Project Wysija Newsletters 2.1.6
Wysija Newsletters Project Wysija Newsletters 2.1
Wysija Newsletters Project Wysija Newsletters 2.0.9
Wysija Newsletters Project Wysija Newsletters 2.1.3
Wysija Newsletters Project Wysija Newsletters 2.1.9
Wysija Newsletters Project Wysija Newsletters 2.0.4
1 EDB exploit
NA
CVE-2014-4942
The EasyCart (wp-easycart) plugin prior to 2.0.6 for WordPress allows remote malicious users to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
Levelfourdevelopment Wp-easycart 2.0.1
Levelfourdevelopment Wp-easycart 2.0.2
Levelfourdevelopment Wp-easycart
Levelfourdevelopment Wp-easycart 2.0.4
Levelfourdevelopment Wp-easycart 2.0.3
NA
CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon prior to 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 and other products, does not properly handle control charact...
Tinymce Spellchecker Php 2.0
Tinymce Spellchecker Php 2.0.1
Tinymce Spellchecker Php 2.0.2
Tinymce Spellchecker Php 2.0.3
Tinymce Spellchecker Php 2.0.6
Moodle Moodle 2.1.2
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
9.8
CVSSv3
CVE-2015-9323
The 404-to-301 plugin prior to 2.0.3 for WordPress has SQL injection.
Duckdev 404 To 301