Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.1 vulnerabilities and exploits
(subscribe to this query)
655
VMScore
CVE-2007-1897
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
Wordpress Wordpress
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.1
1 EDB exploit
645
VMScore
CVE-2014-1907
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin prior to 4.29.5 for WordPress allow remote malicious users to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a...
Videowhisper Live Streaming Integration Plugin 4.27
Videowhisper Live Streaming Integration Plugin 4.27.3
Videowhisper Live Streaming Integration Plugin 2.1
Videowhisper Live Streaming Integration Plugin 2.0
Videowhisper Live Streaming Integration Plugin
Videowhisper Live Streaming Integration Plugin 4.25.3
Videowhisper Live Streaming Integration Plugin 1.0.2
Videowhisper Live Streaming Integration Plugin 4.05
Videowhisper Live Streaming Integration Plugin 2.2
Videowhisper Live Streaming Integration Plugin 4.25
Videowhisper Live Streaming Integration Plugin 4.07
1 EDB exploit
605
VMScore
CVE-2018-5669
An issue exists in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.
Read And Understood Project Read And Understood 2.1
605
VMScore
CVE-2014-9368
Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash...
Twitterdash Project Twitterdash
605
VMScore
CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.11 for WordPress allows remote malicious users to hijack the authentication of arbitrary users.
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 2.5.2
Mailpoet Mailpoet Newsletters 2.4
Mailpoet Mailpoet Newsletters 2.3.4
Mailpoet Mailpoet Newsletters 2.2.3
Mailpoet Mailpoet Newsletters 2.2.1
Mailpoet Mailpoet Newsletters 2.1.4
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.6.1
Mailpoet Mailpoet Newsletters 2.5.1
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.4.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.8
Mailpoet Mailpoet Newsletters 2.1.7
605
VMScore
CVE-2013-2705
Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin prior to 3.6 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change plugin settings.
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.1
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.5
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.3
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.1
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.4
605
VMScore
CVE-2013-2707
Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin prior to 3.1 for WordPress allows remote malicious users to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
Netweblogic Login With Ajax 2.2
Netweblogic Login With Ajax 2.1.5
Netweblogic Login With Ajax 2.1.4
Netweblogic Login With Ajax 2.1.3
Netweblogic Login With Ajax 3.0
Netweblogic Login With Ajax 3.0.1
Netweblogic Login With Ajax 3.0.2
Netweblogic Login With Ajax 3.0.3
Netweblogic Login With Ajax 3.0.4.1
Netweblogic Login With Ajax 2.1.1
Netweblogic Login With Ajax 2.1
Netweblogic Login With Ajax 3.0b3
Netweblogic Login With Ajax 3.0.4
Netweblogic Login With Ajax 3.1
Netweblogic Login With Ajax 2.21
Netweblogic Login With Ajax 2.1.2
Netweblogic Login With Ajax 3.0b
605
VMScore
CVE-2012-3384
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress prior to 3.4.1 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Wordpress Wordpress
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0
Wordpress Wordpress 2.9.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.8.5
Wordpress Wordpress 2.8.5.1
578
VMScore
CVE-2021-25054
The WPcalc WordPress plugin up to and including 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.
Wow-company Wpcalc
578
VMScore
CVE-2015-9460
The booking-system plugin prior to 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
Pinpoint Pinpoint Booking System
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »