Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2.2 vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2008-4671
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) prior to 2.6 allows remote malicious users to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
Wordpress Wordpress Mu 1.3.1
Wordpress Wordpress Mu 1.3
Wordpress Wordpress Mu 1.2.3
Wordpress Wordpress Mu 1.2.2
Wordpress Wordpress Mu 1.0
Wordpress Wordpress Mu
1 EDB exploit
435
VMScore
CVE-2008-3233
Cross-site scripting (XSS) vulnerability in WordPress prior to 2.6, SVN development versions only, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.0
Wordpress Wordpress 0.7
Wordpress Wordpress 0.711
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.3.1
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.6
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.9
1 EDB exploit
435
VMScore
CVE-2008-1061
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and pos...
Wordpress Sniplets Plugin 1.1.2
Wordpress Sniplets Plugin 1.2.2
1 EDB exploit
435
VMScore
CVE-2007-1049
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 prior to 2.0.9 and 2.1 prior to 2.1.1 allows remote malicious users to inject arbitrary web script or HTML via the file parameter...
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
1 EDB exploit
384
VMScore
CVE-2013-2205
The default configuration of SWFUpload in WordPress prior to 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.3
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.6.3
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.2
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 2.8.1
Wordpress Wordpress 1.6.2
Wordpress Wordpress 1.5.2
2 Github repositories
383
VMScore
CVE-2021-24380
The Shantz WordPress QOTD WordPress plugin up to and including 1.2.2 is lacking any CSRF check when updating its settings, allowing malicious users to make logged in administrators change them to arbitrary values.
Shantz Wordpress Qotd Project Shantz Wordpress Qotd
383
VMScore
CVE-2021-24372
The WP Hardening – Fix Your WordPress Security WordPress plugin prior to 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
Getastra Wp Hardening
383
VMScore
CVE-2021-24373
The WP Hardening – Fix Your WordPress Security WordPress plugin prior to 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue.
Getastra Wp Hardening
383
VMScore
CVE-2020-14063
A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin prior to 1.2.2 for WordPress allows unauthenticated remote malicious users to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end p...
Tc Custom Javascript Project Tc Custom Javascript
383
VMScore
CVE-2019-20210
The CTHthemes CityBook prior to 2.3.4, TownHub prior to 1.0.6, and EasyBook prior to 1.2.2 themes for WordPress allow Reflected XSS via a search query.
Cththemes Citybook
Cththemes Easybook
Cththemes Townhub
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »