Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.5.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6762
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.
Wordpress Wordpress 2.6
NA
CVE-2008-5113
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote malicious users to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete us...
Wordpress Wordpress 2.6.3
NA
CVE-2008-4796
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and previous versions, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote malicious users to execute arbitrary commands vi...
Snoopy Project Snoopy
Debian Debian Linux 5.0
Debian Debian Linux 4.0
Nagios Nagios
Wordpress Wordpress
NA
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate
Adrotateplugin Adrotate 0.1
Adrotateplugin Adrotate 0.2
Adrotateplugin Adrotate 0.3
Adrotateplugin Adrotate 0.4
Adrotateplugin Adrotate 0.5
Adrotateplugin Adrotate 0.6
Adrotateplugin Adrotate 0.7
Adrotateplugin Adrotate 0.7.1
Adrotateplugin Adrotate 0.8
Adrotateplugin Adrotate 1.0
Adrotateplugin Adrotate 2.0
Adrotateplugin Adrotate 2.0.1
Adrotateplugin Adrotate 2.1
Adrotateplugin Adrotate 2.2
Adrotateplugin Adrotate 2.3
Adrotateplugin Adrotate 2.3.1
Adrotateplugin Adrotate 2.4
Adrotateplugin Adrotate 2.4.1
Adrotateplugin Adrotate 2.4.2
Adrotateplugin Adrotate 2.4.3
Adrotateplugin Adrotate 2.4.4
2 EDB exploits
NA
CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin prior to 2.5.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Davistribe Google Doc Embedder
Davistribe Google Doc Embedder 2.0
Davistribe Google Doc Embedder 2.1
Davistribe Google Doc Embedder 2.2
Davistribe Google Doc Embedder 2.2.1
Davistribe Google Doc Embedder 2.2.2
Davistribe Google Doc Embedder 2.2.3
Davistribe Google Doc Embedder 2.3
Davistribe Google Doc Embedder 2.4
Davistribe Google Doc Embedder 2.4.1
Davistribe Google Doc Embedder 2.4.2
Davistribe Google Doc Embedder 2.4.3
Davistribe Google Doc Embedder 2.4.4
Davistribe Google Doc Embedder 2.4.5
Davistribe Google Doc Embedder 2.4.6
Davistribe Google Doc Embedder 2.5
Davistribe Google Doc Embedder 2.5.1
Davistribe Google Doc Embedder 2.5.2
1 EDB exploit
1 Github repository
NA
CVE-2013-3526
Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and previous versions, for WordPress allows remote malicious users to inject arbitrary web script or HTML via the aoid parameter.
Wptrafficanalyzer Trafficanalyzer 1.0.0
Wptrafficanalyzer Trafficanalyzer 1.1.0
Wptrafficanalyzer Trafficanalyzer 1.1.1
Wptrafficanalyzer Trafficanalyzer 1.1.2
Wptrafficanalyzer Trafficanalyzer 1.1.3
Wptrafficanalyzer Trafficanalyzer 1.2.0
Wptrafficanalyzer Trafficanalyzer 1.3.0
Wptrafficanalyzer Trafficanalyzer 1.4.0
Wptrafficanalyzer Trafficanalyzer 1.5.0
Wptrafficanalyzer Trafficanalyzer 1.6.0
Wptrafficanalyzer Trafficanalyzer 1.6.1
Wptrafficanalyzer Trafficanalyzer 1.7.0
Wptrafficanalyzer Trafficanalyzer 1.8.0
Wptrafficanalyzer Trafficanalyzer 1.9.0
Wptrafficanalyzer Trafficanalyzer 2.0.0
Wptrafficanalyzer Trafficanalyzer 2.1.0
Wptrafficanalyzer Trafficanalyzer 2.2.0
Wptrafficanalyzer Trafficanalyzer 2.2.1
Wptrafficanalyzer Trafficanalyzer 2.3.0
Wptrafficanalyzer Trafficanalyzer 2.4.0
Wptrafficanalyzer Trafficanalyzer 2.4.1
Wptrafficanalyzer Trafficanalyzer 2.5.0
1 EDB exploit
NA
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager 3.6.8
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.4.1
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 1.2.2
Kolja Schleich Leaguemanager 3.0.3
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 2.2
Kolja Schleich Leaguemanager 3.2
Kolja Schleich Leaguemanager 3.5.6
Kolja Schleich Leaguemanager 3.0.2
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 2.5.2
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 2.9.2
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.6.2
Kolja Schleich Leaguemanager 3.1.9
Kolja Schleich Leaguemanager 3.0.1
Kolja Schleich Leaguemanager 1.3
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2015-8350
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin prior to 2.5.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-...
Inboundnow Call To Action
NA
CVE-2012-3576
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin prior to 2.5.30 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads...
Jquindlen Wpstorecart
Jquindlen Wpstorecart 0.62
Jquindlen Wpstorecart 1.0.0
Jquindlen Wpstorecart 2.0.0
Jquindlen Wpstorecart 2.0.1
Jquindlen Wpstorecart 2.0.2
Jquindlen Wpstorecart 2.0.3
Jquindlen Wpstorecart 2.0.4
Jquindlen Wpstorecart 2.0.5
Jquindlen Wpstorecart 2.0.6
Jquindlen Wpstorecart 2.0.7
Jquindlen Wpstorecart 2.0.8
Jquindlen Wpstorecart 2.0.9
Jquindlen Wpstorecart 2.0.10
Jquindlen Wpstorecart 2.0.11
Jquindlen Wpstorecart 2.0.12
Jquindlen Wpstorecart 2.0.13
Jquindlen Wpstorecart 2.1.0
Jquindlen Wpstorecart 2.1.1
Jquindlen Wpstorecart 2.1.2
Jquindlen Wpstorecart 2.1.3
Jquindlen Wpstorecart 2.1.4
1 EDB exploit
NA
CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/...
Mailpoet Mailpoet Newsletters 2.1.1
Mailpoet Mailpoet Newsletters 2.0.6
Mailpoet Mailpoet Newsletters 1.1.5
Mailpoet Mailpoet Newsletters 2.0
Mailpoet Mailpoet Newsletters 2.1.2
Mailpoet Mailpoet Newsletters 2.6.3
Mailpoet Mailpoet Newsletters 1.0.1
Mailpoet Mailpoet Newsletters 2.5.4
Mailpoet Mailpoet Newsletters 0.9.2
Mailpoet Mailpoet Newsletters 2.3.1
Mailpoet Mailpoet Newsletters 2.4.1
Mailpoet Mailpoet Newsletters 2.3.2
Mailpoet Mailpoet Newsletters 2.6
Mailpoet Mailpoet Newsletters 2.5.9.3
Mailpoet Mailpoet Newsletters 2.0.7
Mailpoet Mailpoet Newsletters 2.0.8
Mailpoet Mailpoet Newsletters 2.0.9
Mailpoet Mailpoet Newsletters 2.4.4
Mailpoet Mailpoet Newsletters 2.6.4
Mailpoet Mailpoet Newsletters 2.5.3
Mailpoet Mailpoet Newsletters 2.3.3
Mailpoet Mailpoet Newsletters 2.0.5
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »