Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-5270
wp-admin/press-this.php in WordPress prior to 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Wordpress Wordpress
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.3
NA
CVE-2013-6992
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scrip...
Askapache Firefox Adsense
NA
CVE-2013-4626
Cross-site scripting (XSS) vulnerability in the BackWPup plugin prior to 3.0.13 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php.
Marketpress Backwpup Plugin
Marketpress Backwpup Plugin 3.0
Marketpress Backwpup Plugin 3.0.1
Marketpress Backwpup Plugin 3.0.2
Marketpress Backwpup Plugin 3.0.3
Marketpress Backwpup Plugin 3.0.4
Marketpress Backwpup Plugin 3.0.5
Marketpress Backwpup Plugin 3.0.6
Marketpress Backwpup Plugin 3.0.7
Marketpress Backwpup Plugin 3.0.8
Marketpress Backwpup Plugin 3.0.9
Marketpress Backwpup Plugin 3.0.10
Marketpress Backwpup Plugin 3.0.11
NA
CVE-2013-5711
Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin prior to 3.7 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the step parameter.
Slickremix Design Approval System Plugin 2.0
Slickremix Design Approval System Plugin 2.4
Slickremix Design Approval System Plugin 1.9
Slickremix Design Approval System Plugin 2.1
Slickremix Design Approval System Plugin 1.1
Slickremix Design Approval System Plugin 2.5
Slickremix Design Approval System Plugin 2.2
Slickremix Design Approval System Plugin 2.3
Slickremix Design Approval System Plugin 2.8
Slickremix Design Approval System Plugin 1.6
Slickremix Design Approval System Plugin 3.2
Slickremix Design Approval System Plugin 3.0
Slickremix Design Approval System Plugin 3.3
Slickremix Design Approval System Plugin 1.8
Slickremix Design Approval System Plugin 1.7
Slickremix Design Approval System Plugin 1.2
Slickremix Design Approval System Plugin 2.6
Slickremix Design Approval System Plugin 3.5
Slickremix Design Approval System Plugin 1.4
Slickremix Design Approval System Plugin 3.1
Slickremix Design Approval System Plugin 1.0
Slickremix Design Approval System Plugin 3.4
NA
CVE-2012-3414
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and previous versions, as used in WordPress prior to 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote malicious users to inject arbitrary web script or HTML via the movieName paramet...
Wordpress Wordpress 3.0.5
Swfupload Project Swfupload 2.0.2
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2
Swfupload Project Swfupload 2.2.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.1.3
Swfupload Project Swfupload 2.1.0
Tinymce Image Manager 1.1
Wordpress Wordpress
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
Swfupload Project Swfupload
Wordpress Wordpress 3.1.1
Wordpress Wordpress -
Wordpress Wordpress 3.3
Wordpress Wordpress 3.0.3
1 EDB exploit
2 Github repositories
1 Article
NA
CVE-2013-2707
Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin prior to 3.1 for WordPress allows remote malicious users to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
Netweblogic Login With Ajax 2.1
Netweblogic Login With Ajax 2.1.1
Netweblogic Login With Ajax 2.1.2
Netweblogic Login With Ajax 2.1.3
Netweblogic Login With Ajax 2.1.4
Netweblogic Login With Ajax 2.1.5
Netweblogic Login With Ajax 2.2
Netweblogic Login With Ajax 2.21
Netweblogic Login With Ajax 3.0
Netweblogic Login With Ajax 3.0.1
Netweblogic Login With Ajax 3.0.2
Netweblogic Login With Ajax 3.0.3
Netweblogic Login With Ajax 3.0.4
Netweblogic Login With Ajax 3.0.4.1
Netweblogic Login With Ajax 3.0b
Netweblogic Login With Ajax 3.0b3
Netweblogic Login With Ajax 3.1
NA
CVE-2012-4421
The create_post function in wp-includes/class-wp-atom-server.php in WordPress prior to 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the ...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
NA
CVE-2012-4422
wp-admin/plugins.php in WordPress prior to 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin ...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
NA
CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress prior to 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 1.3.2
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
NA
CVE-2012-4327
Unspecified vulnerability in the Image News slider plugin prior to 3.3 for WordPress has unspecified impact and remote attack vectors.
Wpslideshow Image News Slider
Wpslideshow Image News Slider 3.0
Wpslideshow Image News Slider 3.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »