Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.2 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2007-1409
WordPress allows remote malicious users to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
5
CVSSv2
CVE-2007-0109
wp-login.php in WordPress 2.0.5 and previous versions displays different error messages if a user exists or not, which allows remote malicious users to obtain sensitive information and facilitates brute force attacks.
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
5
CVSSv2
CVE-2006-4743
WordPress 2.0.2 up to and including 2.0.5 allows remote malicious users to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dot...
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.2
5
CVSSv2
CVE-2006-2702
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote malicious users to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
Wordpress Wordpress 2.0.2
4.9
CVSSv2
CVE-2010-5296
wp-includes/capabilities.php in WordPress prior to 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.5
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.6.1
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.6.3
Wordpress Wordpress 2.7
Wordpress Wordpress 2.8.4
4.9
CVSSv2
CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU prior to 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote malicious users to specify a configuration file in the page parameter to obtain sensitive information or mod...
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.2.0
Wordpress Wordpress 2.2
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.5
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2 Revision5003
1 EDB exploit
4.3
CVSSv2
CVE-2022-1820
The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious us...
Androidbubbles Keep Backup Daily
4.3
CVSSv2
CVE-2016-11013
The wp-listings plugin prior to 2.0.2 for WordPress has includes/views/single-listing.php XSS.
Agentevolution Impress Listings
4.3
CVSSv2
CVE-2014-6312
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin prior to 3.2.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks ...
Login Widget With Shortcode Project Login Widget With Shortcode 1.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.2
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.3
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.4
Login Widget With Shortcode Project Login Widget With Shortcode
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.1.3
1 EDB exploit
4.3
CVSSv2
CVE-2014-6243
Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin prior to 2.0.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not...
Ewww Image Optimizer Plugin Project Ewww Image Optimizer Plugin
Ewww Image Optimizer Plugin Project Ewww Image Optimizer Plugin 2.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »