Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2.3 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-4271
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin prior to 2.0.47 and 2.2.x prior to 2.2.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3)...
Mark Jaquith Bad Behavior 2.2.3
Mark Jaquith Bad Behavior 2.2.4
Mark Jaquith Bad Behavior 2.2.1
Mark Jaquith Bad Behavior 2.2.2
Mark Jaquith Bad Behavior
Mark Jaquith Bad Behavior 2.2.0
Wordpress Wordpress -
5
CVSSv2
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 2.6.91
Wpdownloadmanager Wordpress Download Manager 2.6.9
Wpdownloadmanager Wordpress Download Manager 2.6.2
Wpdownloadmanager Wordpress Download Manager 2.6.1
Wpdownloadmanager Wordpress Download Manager 2.5.93
Wpdownloadmanager Wordpress Download Manager 2.5.92
Wpdownloadmanager Wordpress Download Manager 2.5.4
Wpdownloadmanager Wordpress Download Manager 2.5.3
Wpdownloadmanager Wordpress Download Manager 2.4.6
Wpdownloadmanager Wordpress Download Manager 2.4.5
Wpdownloadmanager Wordpress Download Manager 2.3.7
Wpdownloadmanager Wordpress Download Manager 2.3.6
Wpdownloadmanager Wordpress Download Manager 2.2.9
Wpdownloadmanager Wordpress Download Manager 2.2.8
Wpdownloadmanager Wordpress Download Manager 2.2.1
Wpdownloadmanager Wordpress Download Manager 2.2.0
Wpdownloadmanager Wordpress Download Manager 2.1.3
Wpdownloadmanager Wordpress Download Manager 2.0.16
Wpdownloadmanager Wordpress Download Manager 2.0.15
Wpdownloadmanager Wordpress Download Manager 2.0.8
Wpdownloadmanager Wordpress Download Manager 2.0.7
Wpdownloadmanager Wordpress Download Manager 1.5.33
5
CVSSv2
CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin prior to 2.5.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Davistribe Google Doc Embedder 2.5.2
Davistribe Google Doc Embedder 2.5.1
Davistribe Google Doc Embedder 2.4.1
Davistribe Google Doc Embedder 2.4
Davistribe Google Doc Embedder 2.5
Davistribe Google Doc Embedder 2.4.6
Davistribe Google Doc Embedder 2.3
Davistribe Google Doc Embedder 2.2.3
Davistribe Google Doc Embedder 2.4.5
Davistribe Google Doc Embedder 2.4.4
Davistribe Google Doc Embedder 2.2.2
Davistribe Google Doc Embedder 2.2.1
Davistribe Google Doc Embedder 2.2
Davistribe Google Doc Embedder
Davistribe Google Doc Embedder 2.4.3
Davistribe Google Doc Embedder 2.4.2
Davistribe Google Doc Embedder 2.1
Davistribe Google Doc Embedder 2.0
1 EDB exploit
1 Github repository
4.3
CVSSv2
CVE-2013-1407
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin prior to 5.3.5 and Events Manager Pro plugin prior to 2.2.9 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, ...
Netweblogic Events Manager 5.3
Netweblogic Events Manager 5.3.2
Netweblogic Events Manager 5.3.1
Netweblogic Events Manager
Netweblogic Events Manager 5.3.3
Netweblogic Events Manager 5.3.2.1
Netweblogic Events Manager Pro 2.2.2
Netweblogic Events Manager Pro 2.2.1
Netweblogic Events Manager Pro 2.2.4
Netweblogic Events Manager Pro 2.2.3
Netweblogic Events Manager Pro 2.2.8
Netweblogic Events Manager Pro
Netweblogic Events Manager Pro 2.2
Netweblogic Events Manager Pro 2.2.6
Netweblogic Events Manager Pro 2.2.5
4.3
CVSSv2
CVE-2014-6312
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin prior to 3.2.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks ...
Login Widget With Shortcode Project Login Widget With Shortcode 1.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.2
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.3
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.4
Login Widget With Shortcode Project Login Widget With Shortcode
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.1.3
1 EDB exploit
5
CVSSv2
CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon prior to 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 and other products, does not properly handle control charact...
Tinymce Spellchecker Php 2.0
Tinymce Spellchecker Php 2.0.2
Tinymce Spellchecker Php 2.0.1
Tinymce Spellchecker Php 2.0.6
Tinymce Spellchecker Php 2.0.3
Moodle Moodle 2.1.0
Moodle Moodle 2.1.4
Moodle Moodle 2.1.7
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.2.3
Moodle Moodle 2.2.1
Moodle Moodle 2.2.4
Moodle Moodle 2.2.6
Moodle Moodle 2.2.5
Moodle Moodle 2.2.0
Moodle Moodle 2.2.2
10
CVSSv2
CVE-2012-3576
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin prior to 2.5.30 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads...
Jquindlen Wpstorecart 2.5.24
Jquindlen Wpstorecart 2.5.23
Jquindlen Wpstorecart 2.5.15
Jquindlen Wpstorecart 2.5.14
Jquindlen Wpstorecart 2.5.7
Jquindlen Wpstorecart 2.5.5
Jquindlen Wpstorecart 2.4.14
Jquindlen Wpstorecart 2.4.13
Jquindlen Wpstorecart 2.4.5
Jquindlen Wpstorecart 2.4.4
Jquindlen Wpstorecart 2.3.15
Jquindlen Wpstorecart 2.3.14
Jquindlen Wpstorecart 2.3.7
Jquindlen Wpstorecart 2.3.6
Jquindlen Wpstorecart 2.2.8
Jquindlen Wpstorecart 2.2.7
Jquindlen Wpstorecart 2.2.0
Jquindlen Wpstorecart 2.1.8
Jquindlen Wpstorecart 2.1.1
Jquindlen Wpstorecart 2.1.0
Jquindlen Wpstorecart 2.0.6
Jquindlen Wpstorecart 2.0.5
1 EDB exploit
4.3
CVSSv2
CVE-2013-6342
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin prior to 4.0.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
Tweet-blender Tweet-blender
Tweet-blender Tweet-blender 4.0.0
Tweet-blender Tweet-blender 3.3.15
Tweet-blender Tweet-blender 3.3.14
Tweet-blender Tweet-blender 3.3.0
Tweet-blender Tweet-blender 3.2.4
Tweet-blender Tweet-blender 3.2.3
Tweet-blender Tweet-blender 3.2.2
Tweet-blender Tweet-blender 3.1.8
Tweet-blender Tweet-blender 3.1.7
Tweet-blender Tweet-blender 3.1.6
Tweet-blender Tweet-blender 3.1.5
Tweet-blender Tweet-blender 3.1.4
Tweet-blender Tweet-blender 3.0.0
Tweet-blender Tweet-blender 2.4.7
Tweet-blender Tweet-blender 2.4.6
Tweet-blender Tweet-blender 2.4.5
Tweet-blender Tweet-blender 2.0.4
Tweet-blender Tweet-blender 2.0.3
Tweet-blender Tweet-blender 2.0.2
Tweet-blender Tweet-blender 2.0.1
Tweet-blender Tweet-blender 3.3.9
7.5
CVSSv2
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 2.6.2
Mailpoet Mailpoet Newsletters 2.6.1
Mailpoet Mailpoet Newsletters 2.5.1
Mailpoet Mailpoet Newsletters 2.5
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.4.3
Mailpoet Mailpoet Newsletters 2.2
Mailpoet Mailpoet Newsletters 2.1.9
Mailpoet Mailpoet Newsletters 2.1.8
Mailpoet Mailpoet Newsletters 2.1.7
Mailpoet Mailpoet Newsletters 2.1.6
Mailpoet Mailpoet Newsletters 2.0.4
Mailpoet Mailpoet Newsletters
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.5.7
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 2.5.2
Mailpoet Mailpoet Newsletters 2.4.2
Mailpoet Mailpoet Newsletters 2.4
1 EDB exploit
NA
CVE-2022-27235
Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
Supsystic Social Share Buttons
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »