Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.1.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-14622
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin prior to 2.1.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin....
2kblater 2kb Amazon Affiliates Store
7.5
CVSSv3
CVE-2017-11658
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
Wp-rocket Wp-rocket 2.6.14
Wp-rocket Wp-rocket 2.0.4
Wp-rocket Wp-rocket 2.5.9
Wp-rocket Wp-rocket 2.0.0
Wp-rocket Wp-rocket 2.9.1
Wp-rocket Wp-rocket 2.7.3
Wp-rocket Wp-rocket 2.7.0
Wp-rocket Wp-rocket 2.8.5
Wp-rocket Wp-rocket 2.10.0
Wp-rocket Wp-rocket 2.3.9
Wp-rocket Wp-rocket 2.3.1
Wp-rocket Wp-rocket 2.8.11
Wp-rocket Wp-rocket 2.3.5
Wp-rocket Wp-rocket 2.9.6
Wp-rocket Wp-rocket 2.5.10
Wp-rocket Wp-rocket 2.6.9
Wp-rocket Wp-rocket 2.9.11
Wp-rocket Wp-rocket 2.8.3
Wp-rocket Wp-rocket 2.8.18
Wp-rocket Wp-rocket 2.6.13
Wp-rocket Wp-rocket 2.8.23
Wp-rocket Wp-rocket 2.6.6
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 1.3.1
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 2.1.1
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 1.1.4
Sunnythemes Spiffy Calendar 1.1.3
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 3.0.5
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 1.1.6
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.6
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 1.2.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 1.0.0
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 1.1.7
NA
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 1.1
Wpdownloadmanager Wordpress Download Manager 1.2
Wpdownloadmanager Wordpress Download Manager 1.2.1
Wpdownloadmanager Wordpress Download Manager 1.2.2
Wpdownloadmanager Wordpress Download Manager 1.2.3
Wpdownloadmanager Wordpress Download Manager 1.2.4
Wpdownloadmanager Wordpress Download Manager 1.2.5
Wpdownloadmanager Wordpress Download Manager 1.3
Wpdownloadmanager Wordpress Download Manager 1.4
Wpdownloadmanager Wordpress Download Manager 1.5
Wpdownloadmanager Wordpress Download Manager 1.5.1
Wpdownloadmanager Wordpress Download Manager 1.5.2
Wpdownloadmanager Wordpress Download Manager 1.5.3
Wpdownloadmanager Wordpress Download Manager 1.5.9
Wpdownloadmanager Wordpress Download Manager 1.5.32
Wpdownloadmanager Wordpress Download Manager 1.5.33
Wpdownloadmanager Wordpress Download Manager 2.0.1
Wpdownloadmanager Wordpress Download Manager 2.0.2
Wpdownloadmanager Wordpress Download Manager 2.0.3
Wpdownloadmanager Wordpress Download Manager 2.0.4
Wpdownloadmanager Wordpress Download Manager 2.0.5
Wpdownloadmanager Wordpress Download Manager 2.0.6
NA
CVE-2014-6313
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin prior to 2.2.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.
Woothemes Woocommerce Plugin 2.2.1
Woothemes Woocommerce Plugin 2.1.9
Woothemes Woocommerce Plugin 2.1.10
Woothemes Woocommerce Plugin 2.1.0
Woothemes Woocommerce Plugin 2.1.11
Woothemes Woocommerce Plugin 2.1.8
Woothemes Woocommerce Plugin 2.1.5
Woothemes Woocommerce Plugin 2.1.3
Woothemes Woocommerce Plugin 2.1.6
Woothemes Woocommerce Plugin 2.1.2
Woothemes Woocommerce Plugin 2.2.0
Woothemes Woocommerce Plugin 2.1.4
Woothemes Woocommerce Plugin 2.1.12
Woothemes Woocommerce Plugin
Woothemes Woocommerce Plugin 2.1.7
Woothemes Woocommerce Plugin 2.1.1
NA
CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.11 for WordPress allows remote malicious users to hijack the authentication of arbitrary users.
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
NA
CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.8 for WordPress has unspecified impact and attack vectors.
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
NA
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
Mailpoet Mailpoet Newsletters 2.0.5
1 EDB exploit
NA
CVE-2014-4521
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin prior to 2.1.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the action parameter.
Diversesolutions Dsidxpress Idx Plugin 2.0.16
Diversesolutions Dsidxpress Idx Plugin 2.0.0
Diversesolutions Dsidxpress Idx Plugin 2.0.1
Diversesolutions Dsidxpress Idx Plugin 2.0.18
Diversesolutions Dsidxpress Idx Plugin 2.0.37
Diversesolutions Dsidxpress Idx Plugin 2.0.32
Diversesolutions Dsidxpress Idx Plugin 2.0.7
Diversesolutions Dsidxpress Idx Plugin 2.0.19
Diversesolutions Dsidxpress Idx Plugin 2.0.4
Diversesolutions Dsidxpress Idx Plugin 2.0.5
Diversesolutions Dsidxpress Idx Plugin 2.0.34
Diversesolutions Dsidxpress Idx Plugin 2.0.11
Diversesolutions Dsidxpress Idx Plugin 2.0.22
Diversesolutions Dsidxpress Idx Plugin 2.0.30
Diversesolutions Dsidxpress Idx Plugin 2.0.17
Diversesolutions Dsidxpress Idx Plugin 2.0.12
Diversesolutions Dsidxpress Idx Plugin 2.0.31
Diversesolutions Dsidxpress Idx Plugin
Diversesolutions Dsidxpress Idx Plugin 2.0.6
Diversesolutions Dsidxpress Idx Plugin 2.0.10
Diversesolutions Dsidxpress Idx Plugin 2.0.14
Diversesolutions Dsidxpress Idx Plugin 2.0.9
NA
CVE-2014-4030
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin prior to 2.1.4 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
Longtailvideo Jw Player For Flash & Html5 Video Plugin 2.0.1
Longtailvideo Jw Player For Flash & Html5 Video Plugin 2.1.2
Longtailvideo Jw Player For Flash & Html5 Video Plugin 2.0.2
Longtailvideo Jw Player For Flash & Html5 Video Plugin 2.1.0
Longtailvideo Jw Player For Flash & Html5 Video Plugin 2.0.5
Longtailvideo Jw Player For Flash & Html5 Video Plugin 2.1.1
Longtailvideo Jw Player For Flash & Html5 Video Plugin
Longtailvideo Jw Player For Flash & Html5 Video Plugin 2.0.0
Longtailvideo Jw Player For Flash & Html5 Video Plugin 2.0.3
Longtailvideo Jw Player For Flash & Html5 Video Plugin 2.0.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »