WordPress vulnerabilities and exploits
7.8
CVSSv2
CVE-2007-0539
The wp_remote_fopen function in WordPress prior to 2.1 allows remote malicious users to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a time...
Wordpress Wordpress
7.8
CVSSv2
CVE-2007-0262
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote malicious users to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain...
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.1
7.6
CVSSv2
CVE-2014-2579
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) ...
Xcloner Xcloner
1 EDB exploit
7.5
CVSSv2
CVE-2022-1057
The Pricing Deals for WooCommerce WordPress plugin up to and including 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
Varktech Pricing Deals For Woocommerce
7.5
CVSSv2
CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin prior to 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected...
Syntactics Free Booking Plugin For Hotels, Restaurant And Car Rental
7.5
CVSSv2
CVE-2013-4144
There is an object injection vulnerability in the swfupload plugin for WordPress.
Swfupload Project Swfupload 3.5.2
7.5
CVSSv2
CVE-2022-1574
The HTML2WP WordPress plugin up to and including 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them; as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server
Html2wp Project Html2wp
7.5
CVSSv2
CVE-2022-1905
The Events Made Easy WordPress plugin prior to 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
E-dynamics Events Made Easy
7.5
CVSSv2
CVE-2022-0786
The KiviCare WordPress plugin prior to 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users
Iqonic Kivicare
7.5
CVSSv2
CVE-2022-0827
The Bestbooks WordPress plugin up to and including 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Presspage Bestbooks