Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.6 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-4671
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) prior to 2.6 allows remote malicious users to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
Wordpress Wordpress Mu 1.3.1
Wordpress Wordpress Mu 1.3
Wordpress Wordpress Mu 1.2.3
Wordpress Wordpress Mu 1.2.2
Wordpress Wordpress Mu 1.0
Wordpress Wordpress Mu
1 EDB exploit
4.3
CVSSv2
CVE-2008-3233
Cross-site scripting (XSS) vulnerability in WordPress prior to 2.6, SVN development versions only, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.0
Wordpress Wordpress 0.7
Wordpress Wordpress 0.711
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.3.1
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.6
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.9
1 EDB exploit
4
CVSSv2
CVE-2021-24154
The Theme Editor WordPress plugin prior to 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd
4
CVSSv2
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress 3.7
Wordpress Wordpress
Wordpress Wordpress 3.4.2
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.2
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.3
Wordpress Wordpress 2.9
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.1
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.1
4
CVSSv2
CVE-2013-2200
WordPress prior to 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.
Wordpress Wordpress 3.3.2
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.2
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 2.8.1
Wordpress Wordpress 1.6.2
Wordpress Wordpress 1.5.2
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.2.5
Wordpress Wordpress 1.3.2
Wordpress Wordpress 0.71
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
4
CVSSv2
CVE-2012-4421
The create_post function in wp-includes/class-wp-atom-server.php in WordPress prior to 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the ...
Wordpress Wordpress
Wordpress Wordpress 3.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 2.3
Wordpress Wordpress 2.8
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.7
Wordpress Wordpress 2.8.3
Wordpress Wordpress 2.8.5
Wordpress Wordpress 1.5.1.1
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.2
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.3
3.5
CVSSv2
CVE-2022-1818
The Multi-page Toolkit WordPress plugin up to and including 2.6 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanit...
Multi-page Toolkit Project Multi-page Toolkit
3.5
CVSSv2
CVE-2022-0388
The Interactive Medical Drawing of Human Body WordPress plugin prior to 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Humananatomyillustrations Interactive Medical Drawing Of Human Body
3.5
CVSSv2
CVE-2012-4422
wp-admin/plugins.php in WordPress prior to 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin ...
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.1
Wordpress Wordpress 2.6.5
Wordpress Wordpress 2.8.3
Wordpress Wordpress 2.8.1
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.8
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.8.5
2.1
CVSSv2
CVE-2010-5297
WordPress prior to 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances ...
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.1
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.6.1
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.6.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.9.1.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.6.5
Wordpress Wordpress 2.7.1
Wordpress Wordpress 2.8.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »