Vulmon
wordpress wordpress vulnerabilities and exploits
802
VMScore
CVE-2020-9043
The wpCentral plugin prior to 1.5.1 for WordPress allows disclosure of the connection key.
Wpcentral Wpcentral
801
VMScore
CVE-2021-43408
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and...
Duplicate Post Project Duplicate Post
1 Github repository
801
VMScore
CVE-2021-24684
The WordPress PDF Light Viewer Plugin WordPress plugin prior to 1.4.12 allows users with Author roles to execute arbitrary OS commands on the server via OS Command Injection when invoking Ghostscript.
Teamlead Pdf-light-viewer
801
VMScore
CVE-2021-24453
The Include Me WordPress plugin up to and including 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure.
Include Me Project Include Me
801
VMScore
CVE-2021-24307
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings prior to 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore...
Aioseo All In One Seo
1 Github repository
801
VMScore
CVE-2021-24209
The WP Super Cache WordPress plugin prior to 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php fi...
Automattic Wp Super Cache
801
VMScore
CVE-2020-26596
The Dynamic OOO widget for the Elementor Pro plugin up to and including 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated ...
Elementor Elementor Pro
801
VMScore
CVE-2019-17661
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious co...
Admincolumns Admin Columns 3.4.6
801
VMScore
CVE-2015-9228
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
Imagely Nextgen Gallery 2.1.10
Imagely Nextgen Gallery 2.0.66.29
Imagely Nextgen Gallery 2.0.66.27
Imagely Nextgen Gallery 2.0.66.26
Imagely Nextgen Gallery 2.0.66.17
Imagely Nextgen Gallery 2.0.25
Imagely Nextgen Gallery 2.0.23
Imagely Nextgen Gallery 2.0.21
Imagely Nextgen Gallery 2.0.17
Imagely Nextgen Gallery 1.9.3
Imagely Nextgen Gallery 1.9.2
Imagely Nextgen Gallery 1.9.1
Imagely Nextgen Gallery 1.9.0
Imagely Nextgen Gallery 1.8.4
Imagely Nextgen Gallery 1.5.5
Imagely Nextgen Gallery 1.5.4
Imagely Nextgen Gallery 1.5.3
Imagely Nextgen Gallery 1.5.2
Imagely Nextgen Gallery 2.1.9
Imagely Nextgen Gallery 2.1.2
Imagely Nextgen Gallery 2.0.79
Imagely Nextgen Gallery 2.0.74
801
VMScore
CVE-2008-2392
Unrestricted file upload vulnerability in WordPress 2.5.1 and previous versions might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
Wordpress Wordpress