Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.6 vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2021-24726
The WP Simple Booking Calendar WordPress plugin prior to 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue
Wpsimplebookingcalendar Wp Simple Booking Calendar
578
VMScore
CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress prior to 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.8
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8.2
Wordpress Wordpress 1.5
570
VMScore
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.
Wordpress Wordpress 3.6
Wordpress Wordpress 3.5.1
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3
Wordpress Wordpress 3.1
Wordpress Wordpress 3.0.6
Wordpress Wordpress 2.9.2
Wordpress Wordpress 2.9.1.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.5.1
1 Github repository
570
VMScore
CVE-2008-0664
The XML-RPC implementation (xmlrpc.php) in WordPress prior to 2.3.3, when registration is enabled, allows remote malicious users to edit posts of other blog users via unknown vectors.
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.3
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.3.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.4
516
VMScore
CVE-2010-5293
wp-includes/comment.php in WordPress prior to 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote malicious users to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.5
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.8.5
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.1
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.6
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.8
505
VMScore
CVE-2011-4898
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote malicious users to co...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 0.711
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 2.1.3
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
1 EDB exploit
505
VMScore
CVE-2012-0937
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote malicious users to use WordPress as a proxy for brute-force attacks or denial o...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 0.711
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 2.1.3
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
1 EDB exploit
495
VMScore
CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU prior to 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote malicious users to specify a configuration file in the page parameter to obtain sensitive information or mod...
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.2.0
Wordpress Wordpress 2.2
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.5
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2 Revision5003
1 EDB exploit
490
VMScore
CVE-2012-2402
wp-admin/plugins.php in WordPress prior to 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.3.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.7
Wordpress Wordpress 3.0.3
Wordpress Wordpress 2.3.3
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.2.2
Wordpress Wordpress 3.0.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.2.5
Wordpress Wordpress 2.5
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.1
Wordpress Wordpress 1.5.1.1
454
VMScore
CVE-2008-4106
WordPress prior to 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote malicious users to chang...
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.5-strayhorn
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.6
Wordpress Wordpress 0.71-gold
Wordpress Wordpress 1.5.1.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 1.0.1-miles
Wordpress Wordpress 1.0.2-blakey
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »