Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2013-0731
ajax.functions.php in the MailUp plugin prior to 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote malicious users to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in co...
Mailup Wp-mailup
Mailup Wp-mailup 1.0.0
Mailup Wp-mailup 1.1.0
Mailup Wp-mailup 1.1.1
Mailup Wp-mailup 1.1.2
Mailup Wp-mailup 1.1.3
Mailup Wp-mailup 1.2
Mailup Wp-mailup 1.3
Mailup Wp-mailup 1.3.1
Mailup Wp-mailup 1.21
5
CVSSv2
CVE-2012-3385
WordPress prior to 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
5
CVSSv2
CVE-2011-4957
The make_clickable function in wp-includes/formatting.php in WordPress prior to 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote malicious users to cause a denial of service (crash) via a comment with a crafted URL that triggers many...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 1.3.2
5
CVSSv2
CVE-2012-2401
Plupload prior to 1.5.4, as used in wp-includes/js/plupload/ in WordPress prior to 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote malicious users to bypass the Same Origin Policy via crafted content.
Moxiecode Plupload 1.5.1
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Moxiecode Plupload 1.5.0
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
5
CVSSv2
CVE-2012-0937
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote malicious users to use WordPress as a proxy for brute-force attacks or denial o...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 0.711
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 2.1.3
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
1 EDB exploit
5
CVSSv2
CVE-2011-4898
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote malicious users to co...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 0.711
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 2.1.3
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
1 EDB exploit
5
CVSSv2
CVE-2010-4403
The Register Plus plugin 3.5.1 and previous versions for WordPress allows remote malicious users to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.
Devbits Register-plus
Devbits Register-plus 1.1
Devbits Register-plus 1.2
Devbits Register-plus 2.0
Devbits Register-plus 2.1
Devbits Register-plus 2.2
Devbits Register-plus 2.3
Devbits Register-plus 2.4
Devbits Register-plus 2.5
Devbits Register-plus 2.6
Devbits Register-plus 2.7
Devbits Register-plus 2.8
Devbits Register-plus 2.9
Devbits Register-plus 3.0
Devbits Register-plus 3.0.1
Devbits Register-plus 3.0.2
Devbits Register-plus 3.1
Devbits Register-plus 3.2
Devbits Register-plus 3.3
Devbits Register-plus 3.4
Devbits Register-plus 3.4.1
Devbits Register-plus 3.5
5
CVSSv2
CVE-2009-2432
WordPress and WordPress MU prior to 2.8.1 allow remote malicious users to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.2-mingus
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress Mu 1.5.1
Wordpress Wordpress 1.2
Wordpress Wordpress Mu 1.3.3
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 1.5-strayhorn
Wordpress Wordpress 1.2-delta
Wordpress Wordpress 2.0.6
Wordpress Wordpress 1.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress 1.3.1
Wordpress Wordpress Mu 2.6.3
Wordpress Wordpress Mu 2.6
5
CVSSv2
CVE-2006-0986
WordPress 2.0.1 and previous versions allows remote malicious users to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and ...
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.2
Wordpress Wordpress 1.0
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.3
5
CVSSv2
CVE-2005-4463
WordPress prior to 1.5.2 allows remote malicious users to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-fo...
Wordpress Wordpress 2.0.1
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.2
Wordpress Wordpress 1.0
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »