Vulmon
wordpress wordpress 2.6.5 vulnerabilities and exploits
668
VMScore
CVE-2020-13693
An unauthenticated privilege-escalation issue exists in the bbPress plugin prior to 2.6.5 for WordPress when New User Registration is enabled.
Bbpress Bbpress
605
VMScore
CVE-2013-3253
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin prior to 2.7.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change unspecified settings.
Xhanch My Twitter
Xhanch My Twitter 2.5.8
Xhanch My Twitter 2.5.9
Xhanch My Twitter 2.6.0
Xhanch My Twitter 2.6.1
Xhanch My Twitter 2.6.2
Xhanch My Twitter 2.6.3
Xhanch My Twitter 2.6.4
Xhanch My Twitter 2.6.5
Xhanch My Twitter 2.6.6
Xhanch My Twitter 2.6.7
Xhanch My Twitter 2.6.8
Xhanch My Twitter 2.6.9
Xhanch My Twitter 2.7.0
Xhanch My Twitter 2.7.1
Xhanch My Twitter 2.7.2
Xhanch My Twitter 2.7.3
Xhanch My Twitter 2.7.4
Xhanch My Twitter 2.7.5
755
VMScore
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.6.1
Mailpoet Mailpoet Newsletters 2.5.1
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.8
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1.6
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 2.5.2
Mailpoet Mailpoet Newsletters 2.4.2
Mailpoet Mailpoet Newsletters 2.4
1 EDB exploit
383
VMScore
CVE-2014-4513
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parame...
Activehelper Activehelper Livehelp Live Chat
Activehelper Activehelper Livehelp Live Chat 2.6.0
Activehelper Activehelper Livehelp Live Chat 2.9.0
Activehelper Activehelper Livehelp Live Chat 2.7.5
Activehelper Activehelper Livehelp Live Chat 2.7.4
Activehelper Activehelper Livehelp Live Chat 2.7.3
Activehelper Activehelper Livehelp Live Chat 2.7.0
Activehelper Activehelper Livehelp Live Chat 3.0.0
Activehelper Activehelper Livehelp Live Chat 2.9.2
Activehelper Activehelper Livehelp Live Chat 2.6.7
Activehelper Activehelper Livehelp Live Chat 2.6.2
Activehelper Activehelper Livehelp Live Chat 2.9.5
Activehelper Activehelper Livehelp Live Chat 2.9.1
Activehelper Activehelper Livehelp Live Chat 2.6.5
Activehelper Activehelper Livehelp Live Chat 2.6.1
383
VMScore
CVE-2017-18524
The football-pool plugin prior to 2.6.5 for WordPress has multiple XSS issues.
Football Pool Project Football Pool
NA
CVE-2022-38454
Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress.
Kraken Kraken.io Image Optimizer
605
VMScore
CVE-2019-15769
The handl-utm-grabber plugin prior to 2.6.5 for WordPress has CSRF via add_option and update_option.
Haktansuren Handl Utm Grabber
NA
CVE-2023-5509
The myStickymenu WordPress plugin prior to 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.
Premio Mystickymenu
NA
CVE-2024-24713
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings – Car Listings &a...
Wpautolistings Auto Listings
NA
CVE-2024-0709
The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on ...
Coolplugins Cryptocurrency Widgets