Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1688
Wordpress 1.5 and previous versions allows remote malicious users to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
Wordpress Wordpress
NA
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 2.6.91
Wpdownloadmanager Wordpress Download Manager 2.6.9
Wpdownloadmanager Wordpress Download Manager 2.6.2
Wpdownloadmanager Wordpress Download Manager 2.6.1
Wpdownloadmanager Wordpress Download Manager 2.5.93
Wpdownloadmanager Wordpress Download Manager 2.5.92
Wpdownloadmanager Wordpress Download Manager 2.5.4
Wpdownloadmanager Wordpress Download Manager 2.5.3
Wpdownloadmanager Wordpress Download Manager 2.4.6
Wpdownloadmanager Wordpress Download Manager 2.4.5
Wpdownloadmanager Wordpress Download Manager 2.3.7
Wpdownloadmanager Wordpress Download Manager 2.3.6
Wpdownloadmanager Wordpress Download Manager 2.2.9
Wpdownloadmanager Wordpress Download Manager 2.2.8
Wpdownloadmanager Wordpress Download Manager 2.2.1
Wpdownloadmanager Wordpress Download Manager 2.2.0
Wpdownloadmanager Wordpress Download Manager 2.1.3
Wpdownloadmanager Wordpress Download Manager 2.0.16
Wpdownloadmanager Wordpress Download Manager 2.0.15
Wpdownloadmanager Wordpress Download Manager 2.0.8
Wpdownloadmanager Wordpress Download Manager 2.0.7
Wpdownloadmanager Wordpress Download Manager 1.5.33
NA
CVE-2013-2705
Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin prior to 3.6 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change plugin settings.
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.1
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.5
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.3
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.1
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.4
9.8
CVSSv3
CVE-2007-6013
Wordpress 1.5 up to and including 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows malicious users to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Wordpress Wordpress
Fedoraproject Fedora 8
Fedoraproject Fedora 7
NA
CVE-2008-0197
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and previous versions plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, ...
Wordpress Wp-contactform
4.8
CVSSv3
CVE-2021-24718
The Contact Form, Survey & Popup Form Plugin for WordPress plugin prior to 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Reputeinfosystems Contact Form\\, Survey \\& Popup Form Plugin For Wordpress - Arforms Form Builder
NA
CVE-2014-8375
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
Gb-plugins Gb Gallery Slideshow 1.5
1 EDB exploit
NA
CVE-2012-1835
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) befor...
Timely All-in-one Event Calendar 1.5
Timely All-in-one Event Calendar 1.4
4 EDB exploits
NA
CVE-2012-5388
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a relate...
Videousermanuals White-label-cms 1.5
1 EDB exploit
NA
CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x prior to 1.5.5 of WordPress allows remote malicious users to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
Buddypress Buddypress 1.5
Buddypress Buddypress 1.5.2
Buddypress Buddypress 1.5.3
Buddypress Buddypress 1.5.3.1
Buddypress Buddypress 1.5.4
Buddypress Buddypress 1.5.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »