Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-4455
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
Aviary Image Editor Add-on For Gravity Forms Project Aviary Image Editor Add-on For Gravity Forms
1 EDB exploit
NA
CVE-2013-5711
Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin prior to 3.7 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the step parameter.
Slickremix Design Approval System Plugin 2.6
Slickremix Design Approval System Plugin 2.5
Slickremix Design Approval System Plugin 2.4
Slickremix Design Approval System Plugin 2.3
Slickremix Design Approval System Plugin 3.4
Slickremix Design Approval System Plugin 3.3
Slickremix Design Approval System Plugin 3.2
Slickremix Design Approval System Plugin 3.1
Slickremix Design Approval System Plugin 1.8
Slickremix Design Approval System Plugin 1.7
Slickremix Design Approval System Plugin 1.6
Slickremix Design Approval System Plugin 1.5
Slickremix Design Approval System Plugin 1.4
Slickremix Design Approval System Plugin 3.5
Slickremix Design Approval System Plugin 3.0
Slickremix Design Approval System Plugin 2.8
Slickremix Design Approval System Plugin 2.1
Slickremix Design Approval System Plugin 1.9
Slickremix Design Approval System Plugin 1.2
Slickremix Design Approval System Plugin 1.0
Slickremix Design Approval System Plugin
Slickremix Design Approval System Plugin 2.9
4.8
CVSSv3
CVE-2021-24444
The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin prior to 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading...
Taxopress Taxopress
NA
CVE-2014-4717
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin prior to 4.5 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba...
Sharethis Simple Share Buttons Adder 2.2
Sharethis Simple Share Buttons Adder 2.0
Sharethis Simple Share Buttons Adder 1.0
Sharethis Simple Share Buttons Adder 3.2
Sharethis Simple Share Buttons Adder 3.9
Sharethis Simple Share Buttons Adder 3.8
Sharethis Simple Share Buttons Adder 1.5
Sharethis Simple Share Buttons Adder 2.3
Sharethis Simple Share Buttons Adder 1.1
Sharethis Simple Share Buttons Adder 3.1
Sharethis Simple Share Buttons Adder 3.0
Sharethis Simple Share Buttons Adder 2.9
Sharethis Simple Share Buttons Adder 1.3
Sharethis Simple Share Buttons Adder 4.1
Sharethis Simple Share Buttons Adder 4.0
Sharethis Simple Share Buttons Adder 2.4
Sharethis Simple Share Buttons Adder
Sharethis Simple Share Buttons Adder 4.2
Sharethis Simple Share Buttons Adder 3.5
Sharethis Simple Share Buttons Adder 2.8
Sharethis Simple Share Buttons Adder 2.6
Sharethis Simple Share Buttons Adder 1.9
1 EDB exploit
NA
CVE-2014-5324
Unrestricted file upload vulnerability in the N-Media file uploader plugin prior to 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
Najeebmedia N-media File Uploader 3.0
Najeebmedia N-media File Uploader 3.1
Najeebmedia N-media File Uploader
Najeebmedia N-media File Uploader 3.2
NA
CVE-2012-4283
Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin prior to 3.0.4.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the callback parameter.
Netweblogic Login With Ajax 3.0.1
Netweblogic Login With Ajax 2.21
Netweblogic Login With Ajax 2.1.1
Netweblogic Login With Ajax
Netweblogic Login With Ajax 3.0.3
Netweblogic Login With Ajax 3.0.2
Netweblogic Login With Ajax 2.2
Netweblogic Login With Ajax 2.1.5
Netweblogic Login With Ajax 2.1.4
Netweblogic Login With Ajax 2.1.3
Netweblogic Login With Ajax 2.1.2
Netweblogic Login With Ajax 3.0
Netweblogic Login With Ajax 3.0b
Netweblogic Login With Ajax 2.1
NA
CVE-2013-6992
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scrip...
Askapache Firefox Adsense
NA
CVE-2012-2759
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin prior to 3.0.4.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login....
Netweblogic Login With Ajax 2.1.5
Netweblogic Login With Ajax 2.2
Netweblogic Login With Ajax 2.1.3
Netweblogic Login With Ajax 2.1.4
Netweblogic Login With Ajax 3.0.2
Netweblogic Login With Ajax 3.0.3
Netweblogic Login With Ajax
Netweblogic Login With Ajax 2.1.1
Netweblogic Login With Ajax 2.1.2
Netweblogic Login With Ajax 3.0
Netweblogic Login With Ajax 3.0.1
Netweblogic Login With Ajax 2.1
Netweblogic Login With Ajax 2.21
Netweblogic Login With Ajax 3.0b
NA
CVE-2013-2707
Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin prior to 3.1 for WordPress allows remote malicious users to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
Netweblogic Login With Ajax 2.2
Netweblogic Login With Ajax 2.1.5
Netweblogic Login With Ajax 2.1.4
Netweblogic Login With Ajax 2.1.3
Netweblogic Login With Ajax 3.0
Netweblogic Login With Ajax 3.0.1
Netweblogic Login With Ajax 3.0.2
Netweblogic Login With Ajax 3.0.3
Netweblogic Login With Ajax 3.0.4.1
Netweblogic Login With Ajax 2.1.1
Netweblogic Login With Ajax 2.1
Netweblogic Login With Ajax 3.0b3
Netweblogic Login With Ajax 3.0.4
Netweblogic Login With Ajax 3.1
Netweblogic Login With Ajax 2.21
Netweblogic Login With Ajax 2.1.2
Netweblogic Login With Ajax 3.0b
NA
CVE-2011-3854
Cross-site scripting (XSS) vulnerability in the ZenLite theme prior to 4.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Quirm Zenlite
Quirm Zenlite 1.0
Quirm Zenlite 1.1
Quirm Zenlite 1.2
Quirm Zenlite 1.3
Quirm Zenlite 2.0
Quirm Zenlite 2.1
Quirm Zenlite 2.2
Quirm Zenlite 2.4
Quirm Zenlite 2.5
Quirm Zenlite 2.6
Quirm Zenlite 2.7
Quirm Zenlite 3.0
Quirm Zenlite 3.1
Quirm Zenlite 3.2
Quirm Zenlite 3.3
Quirm Zenlite 3.4
Quirm Zenlite 3.5
Quirm Zenlite 3.51
Quirm Zenlite 3.52
Quirm Zenlite 3.60
Quirm Zenlite 3.61
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »