Vulmon
wordpress vulnerabilities and exploits
5
CVSSv2
CVE-2007-0109
wp-login.php in WordPress 2.0.5 and previous versions displays different error messages if a user exists or not, which allows remote malicious users to obtain sensitive information and facilitates brute force attacks.
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.3
4.3
CVSSv2
CVE-2012-3414
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and previous versions, as used in WordPress prior to 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote malicious users to inject arbitrary web script or HTML via the movieName paramet...
Wordpress Wordpress 3.0.5
Swfupload Project Swfupload 2.0.2
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2
Swfupload Project Swfupload 2.2.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.1.3
Swfupload Project Swfupload 2.1.0
Tinymce Image Manager 1.1
Wordpress Wordpress
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.0.6
Swfupload Project Swfupload
Wordpress Wordpress 3.1.1
Wordpress Wordpress -
Wordpress Wordpress 3.3
Wordpress Wordpress 3.0.3
1 EDB exploit
2 Github repositories
1 Article
4.3
CVSSv2
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the ...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress 4.0.1
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.9.3
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.9.0
Wordpress Wordpress 4.0
Wordpress Wordpress 4.1
Wordpress Wordpress 3.9.1
6.8
CVSSv2
CVE-2014-9037
WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9
Debian Debian Linux 8.0
Debian Debian Linux 7.0
4.3
CVSSv2
CVE-2014-9039
wp-login.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9
7.5
CVSSv2
CVE-2011-4669
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote malicious users to execute arbitrary SQL commands via the uid parameter to index.php.
Wordpress Wordpress-users
Wordpress Wordpress-users 0.2
Wordpress Wordpress-users 0.9
Wordpress Wordpress-users 1.0
Wordpress Wordpress-users 1.1
Wordpress Wordpress-users 1.2
4.3
CVSSv2
CVE-2008-4671
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) prior to 2.6 allows remote malicious users to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
Wordpress Wordpress Mu
Wordpress Wordpress Mu 1.2.3
Wordpress Wordpress Mu 1.2.2
Wordpress Wordpress Mu 1.3
Wordpress Wordpress Mu 1.3.1
Wordpress Wordpress Mu 1.0
1 EDB exploit
5.8
CVSSv2
CVE-2011-3127
WordPress 3.1 prior to 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Wordpress Wordpress 3.1
Wordpress Wordpress 3.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.1
1 Github repository
10
CVSSv2
CVE-2011-3122
Unspecified vulnerability in WordPress 3.1 prior to 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."
Wordpress Wordpress 3.1
Wordpress Wordpress 3.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.1
5
CVSSv2
CVE-2011-3128
WordPress 3.1 prior to 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote malicious users to obtain sensitive data via vectors related to wp-includes/post.php.
Wordpress Wordpress 3.1
Wordpress Wordpress 3.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.1