Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2017-6098
A SQL injection issue exists in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.
Mail-masta Project Mail-masta 1.0
1 EDB exploit
6.5
CVSSv2
CVE-2014-3210
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin prior to 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
Dotonpaper Booking System
Dotonpaper Booking System 1.0
Dotonpaper Booking System 1.1
1 EDB exploit
6.5
CVSSv2
CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress prior to 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 1.3.2
Wordpress Wordpress 3.0
Wordpress Wordpress 2.8
6.4
CVSSv2
CVE-2016-10965
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.
Creativeinteractivemedia Real3d Flipbook 1.0
6.4
CVSSv2
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 3.6.1
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 3.7
Wordpress Wordpress 1.6.2
Wordpress Wordpress 3.5.0
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
1 Github repository
6.4
CVSSv2
CVE-2013-0235
The XMLRPC API in WordPress prior to 3.5.1 allows remote malicious users to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress
Wordpress Wordpress 1.2.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 1.6.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.1.3
5.5
CVSSv2
CVE-2012-2402
wp-admin/plugins.php in WordPress prior to 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 1.3.2
5.1
CVSSv2
CVE-2008-4106
WordPress prior to 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote malicious users to chang...
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.2-mingus
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.1
Wordpress Wordpress 1.5-strayhorn
Wordpress Wordpress 1.2-delta
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress 0.71-gold
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.2.2
Wordpress Wordpress 1.5.1.1
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.2.1
5
CVSSv2
CVE-2015-9415
The bj-lazy-load plugin prior to 1.0 for WordPress has Remote File Inclusion.
Angrycreative Bj Lazy Load
5
CVSSv2
CVE-2016-10966
The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.
Creativeinteractivemedia Real3d Flipbook 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »