wordpress wordpress 2.8.3 vulnerabilities and exploits

(subscribe to this query)

Wordpress prior to 2.8.3 does not check capabilities for certain actions, which allows remote malicious users to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-categor...

Wordpress Wordpress

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress prior to 2.8.2 allows remote malicious users to inject arbitrary web script or HTML via a comment author URL.

Wordpress Wordpress

1 EDB exploit

Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.

Wordpress Wordpress 2.6

wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote malicious users to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.

Wordpress Wordpress 2.6

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote malicious users to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete us...

Wordpress Wordpress 2.6.3

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and previous versions, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote malicious users to execute arbitrary commands vi...

Snoopy Project Snoopy Debian Debian Linux 4.0 Debian Debian Linux 5.0 Nagios Nagios Wordpress Wordpress

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficien...

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.

Activity Log Project Activity Log

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a prior to 2.8.3.

Favethemes Houzez

« PREV 1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook