Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 up to and including 6.3.1, from 6.2 up to and including 6.2.2, from 6.1 up to and including 6.13, from 6.0 up to and including 6.0.5, from 5.9 up to and including 5.9.7, from 5.8 up to and including ...
Wordpress Wordpress
Fedoraproject Fedora 37
Fedoraproject Fedora 38
384
VMScore
CVE-2017-9063
In WordPress prior to 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
446
VMScore
CVE-2017-9065
In WordPress prior to 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
446
VMScore
CVE-2017-9062
In WordPress prior to 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
607
VMScore
CVE-2017-9064
In WordPress prior to 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
517
VMScore
CVE-2017-6815
In WordPress prior to 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
386
VMScore
CVE-2017-9061
In WordPress prior to 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
9 Github repositories
316
VMScore
CVE-2017-6817
In WordPress prior to 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
15 Github repositories
446
VMScore
CVE-2017-9066
In WordPress prior to 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
490
VMScore
CVE-2017-6816
In WordPress prior to 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »