Vulmon
wordpress wordpress 4.1 vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 up to and including 6.3.1, from 6.2 up to and including 6.2.2, from 6.1 up to and including 6.13, from 6.0 up to and including 6.0.5, from 5.9 up to and including 5.9.7, from 5.8 up to and including ...
Wordpress Wordpress
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.6
CVSSv3
CVE-2017-9062
In WordPress prior to 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2017-9065
In WordPress prior to 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2017-9063
In WordPress prior to 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-9064
In WordPress prior to 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2017-9061
In WordPress prior to 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
9 Github repositories
6.1
CVSSv3
CVE-2017-6815
In WordPress prior to 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5.4
CVSSv3
CVE-2017-6817
In WordPress prior to 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
15 Github repositories
8.6
CVSSv3
CVE-2017-9066
In WordPress prior to 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
4.9
CVSSv3
CVE-2017-6816
In WordPress prior to 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0