Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.6.5 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-13693
An unauthenticated privilege-escalation issue exists in the bbPress plugin prior to 2.6.5 for WordPress when New User Registration is enabled.
Bbpress Bbpress
NA
CVE-2013-3253
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin prior to 2.7.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change unspecified settings.
Xhanch My Twitter
Xhanch My Twitter 2.5.8
Xhanch My Twitter 2.5.9
Xhanch My Twitter 2.6.0
Xhanch My Twitter 2.6.1
Xhanch My Twitter 2.6.2
Xhanch My Twitter 2.6.3
Xhanch My Twitter 2.6.4
Xhanch My Twitter 2.6.5
Xhanch My Twitter 2.6.6
Xhanch My Twitter 2.6.7
Xhanch My Twitter 2.6.8
Xhanch My Twitter 2.6.9
Xhanch My Twitter 2.7.0
Xhanch My Twitter 2.7.1
Xhanch My Twitter 2.7.2
Xhanch My Twitter 2.7.3
Xhanch My Twitter 2.7.4
Xhanch My Twitter 2.7.5
NA
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.6.1
Mailpoet Mailpoet Newsletters 2.5.1
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.8
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1.6
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 2.5.2
Mailpoet Mailpoet Newsletters 2.4.2
Mailpoet Mailpoet Newsletters 2.4
1 EDB exploit
NA
CVE-2014-4513
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parame...
Activehelper Activehelper Livehelp Live Chat
Activehelper Activehelper Livehelp Live Chat 2.6.0
Activehelper Activehelper Livehelp Live Chat 2.9.0
Activehelper Activehelper Livehelp Live Chat 2.7.5
Activehelper Activehelper Livehelp Live Chat 2.7.4
Activehelper Activehelper Livehelp Live Chat 2.7.3
Activehelper Activehelper Livehelp Live Chat 2.7.0
Activehelper Activehelper Livehelp Live Chat 3.0.0
Activehelper Activehelper Livehelp Live Chat 2.9.2
Activehelper Activehelper Livehelp Live Chat 2.6.7
Activehelper Activehelper Livehelp Live Chat 2.6.2
Activehelper Activehelper Livehelp Live Chat 2.9.5
Activehelper Activehelper Livehelp Live Chat 2.9.1
Activehelper Activehelper Livehelp Live Chat 2.6.5
Activehelper Activehelper Livehelp Live Chat 2.6.1
6.1
CVSSv3
CVE-2017-18524
The football-pool plugin prior to 2.6.5 for WordPress has multiple XSS issues.
Football Pool Project Football Pool
8.8
CVSSv3
CVE-2022-38454
Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress.
Kraken Kraken.io Image Optimizer
8.8
CVSSv3
CVE-2019-15769
The handl-utm-grabber plugin prior to 2.6.5 for WordPress has CSRF via add_option and update_option.
Haktansuren Handl Utm Grabber
5.4
CVSSv3
CVE-2023-5509
The myStickymenu WordPress plugin prior to 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.
Premio Mystickymenu
5.4
CVSSv3
CVE-2024-24713
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS.This issue affects Auto Listings – Car Listings &a...
Wpautolistings Auto Listings
NA
CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.8 for WordPress has unspecified impact and attack vectors.
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.5.9.1
Mailpoet Mailpoet Newsletters 2.5.8
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.3.4
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters 2.0.2
Mailpoet Mailpoet Newsletters 1.1.1
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6.6
Mailpoet Mailpoet Newsletters 2.6.5
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.5
Mailpoet Mailpoet Newsletters 2.5.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »