Vulmon
wordpress vulnerabilities and exploits
CVE-2015-9455 (CVSSv2 7.8)
The buddypress-activity-plus plugin prior to 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
Affected: Incsub Buddypress-activity-plus

CVE-2015-5472 (CVSSv2 7.8)
Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin prior to 1.0 for WordPress allows remote malicious users to read arbitrary files via a full pathname in the file parameter.
Affected: Ibs Mappro Project Ibs Mappro

CVE-2007-0539 (CVSSv2 7.8)
The wp_remote_fopen function in WordPress prior to 2.1 allows remote malicious users to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a time...
Affected: Wordpress Wordpress

CVE-2007-0262 (CVSSv2 7.8)
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote malicious users to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain...
Affected: Wordpress Wordpress 2.0.6; Wordpress Wordpress 2.1

CVE-2014-2579 (CVSSv2 7.6)
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) ...
Affected: Xcloner Xcloner
1 EDB exploit

CVE-2022-1952 (CVSSv2 7.5)
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin prior to 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected...
Affected: Syntactics Free Booking Plugin For Hotels, Restaurant And Car Rental

CVE-2022-1057 (CVSSv2 7.5)
The Pricing Deals for WooCommerce WordPress plugin up to and including 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.
Affected: Varktech Pricing Deals For Woocommerce

CVE-2013-4144 (CVSSv2 7.5)
There is an object injection vulnerability in the swfupload plugin for WordPress.
Affected: Swfupload Project Swfupload 3.5.2

CVE-2022-1574 (CVSSv2 7.5)
The HTML2WP WordPress plugin up to and including 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them; as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server.
Affected: Html2wp Project Html2wp

CVE-2022-1905 (CVSSv2 7.5)
The Events Made Easy WordPress plugin prior to 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Affected: E-dynamics Events Made Easy