Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5.2 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2005-4463
WordPress prior to 1.5.2 allows remote malicious users to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-fo...
Wordpress Wordpress 1.2
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.0
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0.1
435
VMScore
CVE-2011-4595
Pretty-Link WordPress plugin 1.5.2 has XSS
Caseproof Pretty Link 1.5.2
1 EDB exploit
435
VMScore
CVE-2012-6622
Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin prior to 1.7.4 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) userg...
Vasthtml Forumpress 1.0
Vasthtml Forumpress 1.1
Vasthtml Forumpress 1.6
Vasthtml Forumpress 1.6.2
Vasthtml Forumpress 1.6.3
Vasthtml Forumpress 1.7
Vasthtml Forumpress 1.7.1
Vasthtml Forumpress 1.4
Vasthtml Forumpress 1.5
Vasthtml Forumpress 1.6.6
Vasthtml Forumpress 1.6.7
Vasthtml Forumpress
Vasthtml Forumpress 1.2
Vasthtml Forumpress 1.3
Vasthtml Forumpress 1.6.4
Vasthtml Forumpress 1.6.5
Vasthtml Forumpress 1.7.2
Vasthtml Forumpress 1.7.3
Vasthtml Forumpress 1.5.1
Vasthtml Forumpress 1.5.2
Vasthtml Forumpress 1.6.8
Vasthtml Forumpress 1.6.9
1 EDB exploit
435
VMScore
CVE-2011-4926
Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin prior to 1.7.22 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Bueltge Adminimize
Bueltge Adminimize 0.6.9
Bueltge Adminimize 0.7
Bueltge Adminimize 0.7.1
Bueltge Adminimize 0.7.2
Bueltge Adminimize 0.7.3
Bueltge Adminimize 0.7.5
Bueltge Adminimize 0.7.6
Bueltge Adminimize 0.7.7
Bueltge Adminimize 0.7.8
Bueltge Adminimize 0.7.9
Bueltge Adminimize 0.8
Bueltge Adminimize 0.8.1
Bueltge Adminimize 1.0
Bueltge Adminimize 1.1
Bueltge Adminimize 1.2
Bueltge Adminimize 1.3
Bueltge Adminimize 1.4
Bueltge Adminimize 1.4.1
Bueltge Adminimize 1.4.2
Bueltge Adminimize 1.4.3-6
Bueltge Adminimize 1.4.7
1 EDB exploit
435
VMScore
CVE-2012-0782
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 0.711
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 2.1.3
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
1 EDB exploit
435
VMScore
CVE-2011-3860
Cross-site scripting (XSS) vulnerability in the Cover WP theme prior to 1.6.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Onedesigns Cover Wp
Onedesigns Cover Wp 1.1
Onedesigns Cover Wp 1.2
Onedesigns Cover Wp 1.3
Onedesigns Cover Wp 1.4
Onedesigns Cover Wp 1.4.1
Onedesigns Cover Wp 1.5
Onedesigns Cover Wp 1.5.1
Onedesigns Cover Wp 1.5.2
Onedesigns Cover Wp 1.5.3
Onedesigns Cover Wp 1.5.4
Onedesigns Cover Wp 1.5.5
Onedesigns Cover Wp 1.5.6
Onedesigns Cover Wp 1.5.7
Onedesigns Cover Wp 1.5.8
Onedesigns Cover Wp 1.5.9
Onedesigns Cover Wp 1.6
Onedesigns Cover Wp 1.6.1
Onedesigns Cover Wp 1.6.2
Onedesigns Cover Wp 1.6.3
Onedesigns Cover Wp 1.6.4
1 EDB exploit
435
VMScore
CVE-2010-1186
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the mode parameter.
Alex Rabe Nextgen Gallery 0.35
Alex Rabe Nextgen Gallery 0.34
Alex Rabe Nextgen Gallery 1.2.0
Alex Rabe Nextgen Gallery 1.2.1
Alex Rabe Nextgen Gallery 1.3.6
Alex Rabe Nextgen Gallery 1.4.0
Alex Rabe Nextgen Gallery 0.97
Alex Rabe Nextgen Gallery 1.4.3
Alex Rabe Nextgen Gallery 0.61
Alex Rabe Nextgen Gallery 0.41
Alex Rabe Nextgen Gallery 0.74
Alex Rabe Nextgen Gallery 0.62
Alex Rabe Nextgen Gallery 0.92
Alex Rabe Nextgen Gallery 0.94
Alex Rabe Nextgen Gallery 0.95
Alex Rabe Nextgen Gallery 1.5.0
Alex Rabe Nextgen Gallery
Alex Rabe Nextgen Gallery 1.3.0
Alex Rabe Nextgen Gallery 1.3.1
Alex Rabe Nextgen Gallery 1.4.1
Alex Rabe Nextgen Gallery 1.4.2
Alex Rabe Nextgen Gallery 0.99
1 EDB exploit
435
VMScore
CVE-2008-3233
Cross-site scripting (XSS) vulnerability in WordPress prior to 2.6, SVN development versions only, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.0
Wordpress Wordpress 0.7
Wordpress Wordpress 0.711
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.3.1
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.6
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.9
1 EDB exploit
435
VMScore
CVE-2007-1049
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 prior to 2.0.9 and 2.1 prior to 2.1.1 allows remote malicious users to inject arbitrary web script or HTML via the file parameter...
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
1 EDB exploit
384
VMScore
CVE-2013-2205
The default configuration of SWFUpload in WordPress prior to 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.3
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.6.3
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.2
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 2.8.1
Wordpress Wordpress 1.6.2
Wordpress Wordpress 1.5.2
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »