Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

wordpress wordpress 3.1.1 vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2014-8603
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4)...
Xcloner Xcloner 3.5.1Xcloner Xcloner 3.1.1
NA
CVE-2011-3850
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter....
Bytesforall Atahualpa 2.21Bytesforall Atahualpa 3.1Bytesforall Atahualpa 3.1.8Bytesforall Atahualpa 3.1.9Bytesforall Atahualpa 3.4.6Bytesforall Atahualpa 3.4.9Bytesforall Atahualpa 3.6.4Bytesforall Atahualpa 3.6.6Bytesforall AtahualpaBytesforall Atahualpa 2.0Bytesforall Atahualpa 3.1.3Bytesforall Atahualpa 3.1.4Bytesforall Atahualpa 3.4.01Bytesforall Atahualpa 3.4.1Bytesforall Atahualpa 3.4.3Bytesforall Atahualpa 3.6Bytesforall Atahualpa 3.6.1Bytesforall Atahualpa 3.1.1Bytesforall Atahualpa 3.1.2Bytesforall Atahualpa 3.2Bytesforall Atahualpa 3.4Bytesforall Atahualpa 3.5.2Bytesforall Atahualpa 3.5.4Bytesforall Atahualpa 2.01Bytesforall Atahualpa 2.2Bytesforall Atahualpa 3.1.5Bytesforall Atahualpa 3.1.6Bytesforall Atahualpa 3.4.4Bytesforall Atahualpa 3.4.5Bytesforall Atahualpa 3.6.2Bytesforall Atahualpa 3.6.3
6.1
CVE-2023-2362
The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1,...
Wow-company Button GeneratorWow-company Bubble MenuWow-company Float MenuWow-company Wp CoderWow-company Wow Skype ButtonsWow-company Sticky ButtonsWow-company Side Menu LiteWow-company Herd EffectsWow-company Floating ButtonWow-company Counter BoxWow-company Calculator-builderWow-company Popup Box
NA
CVE-2012-0896
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter....
Count Per Day Project Count Per Day 2.16Count Per Day Project Count Per Day 2.15.1Count Per Day Project Count Per Day 2.15Count Per Day Project Count Per Day 2.2Tom Braider Count Per DayTom Braider Count Per Day 1.0
NA
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL)....
Adrotateplugin Adrotate 3.6.3Adrotateplugin Adrotate 3.6.2Adrotateplugin Adrotate 3.3Adrotateplugin Adrotate 3.2.2Adrotateplugin Adrotate 3.0.1Adrotateplugin Adrotate 3.0Adrotateplugin Adrotate 2.4.1Adrotateplugin Adrotate 2.4Adrotateplugin Adrotate 1.0Adrotateplugin Adrotate 0.8Adrotateplugin Adrotate 0.2Adrotateplugin Adrotate 0.1Adrotateplugin AdrotateAdrotateplugin Adrotate 3.6.6Adrotateplugin Adrotate 3.5.1Adrotateplugin Adrotate 3.5Adrotateplugin Adrotate 3.1.1Adrotateplugin Adrotate 3.1Adrotateplugin Adrotate 2.5Adrotateplugin Adrotate 2.4.4Adrotateplugin Adrotate 2.2Adrotateplugin Adrotate 2.1Adrotateplugin Adrotate 0.6Adrotateplugin Adrotate 0.5Adrotateplugin Adrotate 3.6.1Adrotateplugin Adrotate 3.6Adrotateplugin Adrotate 3.2.1Adrotateplugin Adrotate 3.2Adrotateplugin Adrotate 2.6.1Adrotateplugin Adrotate 2.6Adrotateplugin Adrotate 2.5.1Adrotateplugin Adrotate 2.3.1Adrotateplugin Adrotate 2.3Adrotateplugin Adrotate 0.7.1Adrotateplugin Adrotate 0.7Adrotateplugin Adrotate 3.6.5Adrotateplugin Adrotate 3.6.4Adrotateplugin Adrotate 3.4Adrotateplugin Adrotate 3.3.1Adrotateplugin Adrotate 3.0.3Adrotateplugin Adrotate 3.0.2Adrotateplugin Adrotate 2.4.3Adrotateplugin Adrotate 2.4.2Adrotateplugin Adrotate 2.0.1Adrotateplugin Adrotate 2.0Adrotateplugin Adrotate 0.4Adrotateplugin Adrotate 0.3
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter....
Sunnythemes Spiffy Calendar 3.0.8Sunnythemes Spiffy Calendar 3.0.7Sunnythemes Spiffy Calendar 3.0.0Sunnythemes Spiffy Calendar 2.1.3Sunnythemes Spiffy Calendar 1.2.0Sunnythemes Spiffy Calendar 1.1.8Sunnythemes Spiffy Calendar 1.1.2Sunnythemes Spiffy Calendar 1.1.1Sunnythemes Spiffy Calendar 3.1.3Sunnythemes Spiffy Calendar 3.1.2Sunnythemes Spiffy Calendar 3.0.4Sunnythemes Spiffy Calendar 3.0.3Sunnythemes Spiffy Calendar 2.1.0Sunnythemes Spiffy Calendar 2.0.1Sunnythemes Spiffy Calendar 1.1.5Sunnythemes Spiffy Calendar 2.0.0Sunnythemes Spiffy Calendar 1.0.3Sunnythemes Spiffy Calendar 1.0.1Sunnythemes Spiffy Calendar 3.1.1Sunnythemes Spiffy Calendar 3.1.0Sunnythemes Spiffy Calendar 3.0.2Sunnythemes Spiffy Calendar 3.0.1Sunnythemes Spiffy Calendar 1.3.1Sunnythemes Spiffy Calendar 1.3.0Sunnythemes Spiffy Calendar 1.2.1Sunnythemes Spiffy Calendar 1.1.4Sunnythemes Spiffy Calendar 1.1.3Sunnythemes Spiffy Calendar 1.0.0Sunnythemes Spiffy Calendar 3.2.0Sunnythemes Spiffy Calendar 3.1.5Sunnythemes Spiffy Calendar 3.1.4Sunnythemes Spiffy Calendar 3.0.6Sunnythemes Spiffy Calendar 3.0.5Sunnythemes Spiffy Calendar 2.1.2Sunnythemes Spiffy Calendar 2.1.1Sunnythemes Spiffy Calendar 1.1.7Sunnythemes Spiffy Calendar 1.1.6Sunnythemes Spiffy Calendar 1.1.0Sunnythemes Spiffy Calendar 1.0.2a
NA
CVE-2012-0895
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter....
Tom Braider Count Per DayTom Braider Count Per Day 1.0
6.1
CVSSv3
CVE-2022-2173
The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting...
Sigmaplugin Advanced Database Cleaner
5.4
CVE-2022-4782
The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack....
Clickfunnels Clickfunnels
5.4
CVE-2023-0078
The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users...
Resumebuilder Resume Builder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XSSCVE-2023-48314CVE-2023-6376CVE-2023-46384arbitrary codeCVE-2023-42917CVE-2023-48842CVE-2023-42916firewall
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook