Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.4 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2018-11526
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
Webtoffee Wordpress Comments Import And Export
1 EDB exploit
NA
CVE-2013-4240
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin prior to 2.0.11 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2)...
Hitmyserver Hms Testimonials 2.0.7
Hitmyserver Hms Testimonials 2.0.6
Hitmyserver Hms Testimonials 2.0.5
Hitmyserver Hms Testimonials 2.0.4
Hitmyserver Hms Testimonials 1.3
Hitmyserver Hms Testimonials 1.2
Hitmyserver Hms Testimonials 1.1
Hitmyserver Hms Testimonials 2.0.9
Hitmyserver Hms Testimonials 2.0.2
Hitmyserver Hms Testimonials 2.0
Hitmyserver Hms Testimonials 1.6
Hitmyserver Hms Testimonials 1.4.1
Hitmyserver Hms Testimonials 1.7.1
Hitmyserver Hms Testimonials 1.7
Hitmyserver Hms Testimonials 1.6.2
Hitmyserver Hms Testimonials 1.6.1
Hitmyserver Hms Testimonials
Hitmyserver Hms Testimonials 2.0.8
Hitmyserver Hms Testimonials 2.0.3
Hitmyserver Hms Testimonials 2.0.1
Hitmyserver Hms Testimonials 1.5
Hitmyserver Hms Testimonials 1.4
1 EDB exploit
NA
CVE-2013-1408
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin prior to 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CS...
Wysija Newsletters Project Wysija Newsletters 2.1.4
Wysija Newsletters Project Wysija Newsletters 2.1.3
Wysija Newsletters Project Wysija Newsletters 2.0.7
Wysija Newsletters Project Wysija Newsletters 2.0.6
Wysija Newsletters Project Wysija Newsletters 2.1.8
Wysija Newsletters Project Wysija Newsletters 2.1.7
Wysija Newsletters Project Wysija Newsletters 2.1
Wysija Newsletters Project Wysija Newsletters 2.1.6
Wysija Newsletters Project Wysija Newsletters 2.1.5
Wysija Newsletters Project Wysija Newsletters 2.0.9
Wysija Newsletters Project Wysija Newsletters 2.0.8
Wysija Newsletters Project Wysija Newsletters 2.0
Wysija Newsletters Project Wysija Newsletters 2.0.9.5
Wysija Newsletters Project Wysija Newsletters 2.0.3
Wysija Newsletters Project Wysija Newsletters 2.0.2
Wysija Newsletters Project Wysija Newsletters 2.0.1
Wysija Newsletters Project Wysija Newsletters
Wysija Newsletters Project Wysija Newsletters 2.1.9
Wysija Newsletters Project Wysija Newsletters 2.1.2
Wysija Newsletters Project Wysija Newsletters 2.1.1
Wysija Newsletters Project Wysija Newsletters 2.0.5
Wysija Newsletters Project Wysija Newsletters 2.0.4
1 EDB exploit
NA
CVE-2011-3858
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme prior to 2.1.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Zespia Pixiv Custom
Zespia Pixiv Custom 1.0
Zespia Pixiv Custom 1.0.1
Zespia Pixiv Custom 1.0.2
Zespia Pixiv Custom 1.1
Zespia Pixiv Custom 1.1.1
Zespia Pixiv Custom 1.1.2
Zespia Pixiv Custom 1.1.3
Zespia Pixiv Custom 1.1.4
Zespia Pixiv Custom 1.1.5
Zespia Pixiv Custom 1.1.6
Zespia Pixiv Custom 1.1.7
Zespia Pixiv Custom 1.1.9
Zespia Pixiv Custom 1.1.10
Zespia Pixiv Custom 1.1.11
Zespia Pixiv Custom 1.1.12
Zespia Pixiv Custom 1.1.13
Zespia Pixiv Custom 1.1.14
Zespia Pixiv Custom 1.2.0
Zespia Pixiv Custom 1.2.1
Zespia Pixiv Custom 1.3.0
Zespia Pixiv Custom 1.3.1
1 EDB exploit
NA
CVE-2014-4942
The EasyCart (wp-easycart) plugin prior to 2.0.6 for WordPress allows remote malicious users to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
Levelfourdevelopment Wp-easycart 2.0.1
Levelfourdevelopment Wp-easycart 2.0.4
Levelfourdevelopment Wp-easycart 2.0.2
Levelfourdevelopment Wp-easycart
Levelfourdevelopment Wp-easycart 2.0.3
NA
CVE-2014-4030
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin prior to 2.1.4 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin 2.0.4
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin 2.0.3
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin 2.0.2
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin 2.0.1
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin 2.1.1
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin 2.0.5
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin 2.0.0
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin 2.1.2
Longtailvideo Jw Player For Flash \\& Html5 Video Plugin 2.1.0
1 EDB exploit
NA
CVE-2014-7138
Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin prior to 2.0.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.
Google Calendar Events Project Google Calendar Events
NA
CVE-2014-8877
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin prior to 2.0.4 for WordPress allows remote malicious users to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by t...
Creative Minds Cm Download Manager
Creative Minds Cm Download Manager 2.0.2
Creative Minds Cm Download Manager 2.0.1
Creative Minds Cm Download Manager 2.0.0
1 EDB exploit
2 Nmap scripts
1 Github repository
NA
CVE-2012-3576
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin prior to 2.5.30 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads...
Jquindlen Wpstorecart 2.5.24
Jquindlen Wpstorecart 2.5.23
Jquindlen Wpstorecart 2.5.15
Jquindlen Wpstorecart 2.5.14
Jquindlen Wpstorecart 2.5.7
Jquindlen Wpstorecart 2.5.5
Jquindlen Wpstorecart 2.4.14
Jquindlen Wpstorecart 2.4.13
Jquindlen Wpstorecart 2.4.5
Jquindlen Wpstorecart 2.4.4
Jquindlen Wpstorecart 2.3.15
Jquindlen Wpstorecart 2.3.14
Jquindlen Wpstorecart 2.3.7
Jquindlen Wpstorecart 2.3.6
Jquindlen Wpstorecart 2.2.8
Jquindlen Wpstorecart 2.2.7
Jquindlen Wpstorecart 2.2.0
Jquindlen Wpstorecart 2.1.8
Jquindlen Wpstorecart 2.1.1
Jquindlen Wpstorecart 2.1.0
Jquindlen Wpstorecart 2.0.6
Jquindlen Wpstorecart 2.0.5
1 EDB exploit
NA
CVE-2013-6342
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin prior to 4.0.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
Tweet-blender Tweet-blender
Tweet-blender Tweet-blender 4.0.0
Tweet-blender Tweet-blender 3.3.15
Tweet-blender Tweet-blender 3.3.14
Tweet-blender Tweet-blender 3.3.0
Tweet-blender Tweet-blender 3.2.4
Tweet-blender Tweet-blender 3.2.3
Tweet-blender Tweet-blender 3.2.2
Tweet-blender Tweet-blender 3.1.8
Tweet-blender Tweet-blender 3.1.7
Tweet-blender Tweet-blender 3.1.6
Tweet-blender Tweet-blender 3.1.5
Tweet-blender Tweet-blender 3.1.4
Tweet-blender Tweet-blender 3.0.0
Tweet-blender Tweet-blender 2.4.7
Tweet-blender Tweet-blender 2.4.6
Tweet-blender Tweet-blender 2.4.5
Tweet-blender Tweet-blender 2.0.4
Tweet-blender Tweet-blender 2.0.3
Tweet-blender Tweet-blender 2.0.2
Tweet-blender Tweet-blender 2.0.1
Tweet-blender Tweet-blender 3.3.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »