Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.1 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2015-5715
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress prior to 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
Wordpress Wordpress
7 Github repositories
NA
CVE-2015-5734
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a crafted string.
Wordpress Wordpress
5 Github repositories
NA
CVE-2015-2213
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress prior to 4.2.4 allows remote malicious users to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
Wordpress Wordpress
1 Article
5.9
CVSSv3
CVE-2017-8295
WordPress up to and including 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote malicious users to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message t...
Wordpress Wordpress
1 EDB exploit
8 Github repositories
NA
CVE-2015-5730
The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress prior to 4.2.4 does not use a constant-time comparison for widgets, which allows remote malicious users to conduct a timing side-channel attack by measuring the delay before inequalit...
Wordpress Wordpress
8.6
CVSSv3
CVE-2016-2222
The wp_http_validate_url function in wp-includes/http.php in WordPress prior to 4.4.2 allows remote malicious users to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.
Wordpress Wordpress 4.4.1
1 Github repository
8.6
CVSSv3
CVE-2016-4029
WordPress prior to 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote malicious users to bypass an intended SSRF protection mechanism via a crafted address.
Wordpress Wordpress
Debian Debian Linux 8.0
6.1
CVSSv3
CVE-2014-9310
Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin prior to 4.1 for WordPress.
Wordpress Backup To Dropbox Project Wordpress Backup To Dropbox
NA
CVE-2015-5623
WordPress prior to 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.
Wordpress Wordpress
Debian Debian Linux 8.0
4 Github repositories
NA
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-i...
Wordpress Wordpress
Debian Debian Linux 8.0
13 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »