Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.1 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-5668
An issue exists in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter.
Read And Understood Project Read And Understood 2.1
3.5
CVSSv2
CVE-2018-5667
An issue exists in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter.
Read And Understood Project Read And Understood 2.1
7.5
CVSSv2
CVE-2009-3703
Multiple SQL injection vulnerabilities in the WP-Forum plugin prior to 2.4 for WordPress allow remote malicious users to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an ...
Fahlstad Wp-forum 1.7.4
Fahlstad Wp-forum 2.1
Fahlstad Wp-forum 1.6
Fahlstad Wp-forum 1.5
Fahlstad Wp-forum 1.8
Fahlstad Wp-forum
Fahlstad Wp-forum 1.7.3
Fahlstad Wp-forum 1.7
Fahlstad Wp-forum 1.7.8
Fahlstad Wp-forum 2.0
1 EDB exploit
7.5
CVSSv2
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate 3.6.3
Adrotateplugin Adrotate 3.6.2
Adrotateplugin Adrotate 3.3
Adrotateplugin Adrotate 3.2.2
Adrotateplugin Adrotate 3.0.1
Adrotateplugin Adrotate 3.0
Adrotateplugin Adrotate 2.4.1
Adrotateplugin Adrotate 2.4
Adrotateplugin Adrotate 1.0
Adrotateplugin Adrotate 0.8
Adrotateplugin Adrotate 0.2
Adrotateplugin Adrotate 0.1
Adrotateplugin Adrotate
Adrotateplugin Adrotate 3.6.6
Adrotateplugin Adrotate 3.5.1
Adrotateplugin Adrotate 3.5
Adrotateplugin Adrotate 3.1.1
Adrotateplugin Adrotate 3.1
Adrotateplugin Adrotate 2.5
Adrotateplugin Adrotate 2.4.4
Adrotateplugin Adrotate 2.2
Adrotateplugin Adrotate 2.1
2 EDB exploits
6.5
CVSSv2
CVE-2013-1408
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin prior to 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CS...
Wysija Newsletters Project Wysija Newsletters 2.1.4
Wysija Newsletters Project Wysija Newsletters 2.1.3
Wysija Newsletters Project Wysija Newsletters 2.0.7
Wysija Newsletters Project Wysija Newsletters 2.0.6
Wysija Newsletters Project Wysija Newsletters 2.1.8
Wysija Newsletters Project Wysija Newsletters 2.1.7
Wysija Newsletters Project Wysija Newsletters 2.1
Wysija Newsletters Project Wysija Newsletters 2.1.6
Wysija Newsletters Project Wysija Newsletters 2.1.5
Wysija Newsletters Project Wysija Newsletters 2.0.9
Wysija Newsletters Project Wysija Newsletters 2.0.8
Wysija Newsletters Project Wysija Newsletters 2.0
Wysija Newsletters Project Wysija Newsletters 2.0.9.5
Wysija Newsletters Project Wysija Newsletters 2.0.3
Wysija Newsletters Project Wysija Newsletters 2.0.2
Wysija Newsletters Project Wysija Newsletters 2.0.1
Wysija Newsletters Project Wysija Newsletters
Wysija Newsletters Project Wysija Newsletters 2.1.9
Wysija Newsletters Project Wysija Newsletters 2.1.2
Wysija Newsletters Project Wysija Newsletters 2.1.1
Wysija Newsletters Project Wysija Newsletters 2.0.5
Wysija Newsletters Project Wysija Newsletters 2.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2018-11633
An issue exists in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_chec...
Multidots Woo Checkout For Digital Goods 2.1
4.3
CVSSv2
CVE-2014-1906
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin prior to 4.29.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.ph...
Videowhisper Live Streaming Integration Plugin
Videowhisper Live Streaming Integration Plugin 4.25.3
Videowhisper Live Streaming Integration Plugin 1.0.2
Videowhisper Live Streaming Integration Plugin 4.25
Videowhisper Live Streaming Integration Plugin 4.07
Videowhisper Live Streaming Integration Plugin 4.27
Videowhisper Live Streaming Integration Plugin 4.27.3
Videowhisper Live Streaming Integration Plugin 2.1
Videowhisper Live Streaming Integration Plugin 2.0
Videowhisper Live Streaming Integration Plugin 4.05
Videowhisper Live Streaming Integration Plugin 2.2
1 EDB exploit
7.5
CVSSv2
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 3.4.2
Kolja Schleich Leaguemanager 3.1.7
Kolja Schleich Leaguemanager 3.1.6
Kolja Schleich Leaguemanager 3.1.5
Kolja Schleich Leaguemanager 3.1.4
Kolja Schleich Leaguemanager 2.9
Kolja Schleich Leaguemanager 2.8
Kolja Schleich Leaguemanager 2.7.1
Kolja Schleich Leaguemanager 2.1
Kolja Schleich Leaguemanager 2.0
Kolja Schleich Leaguemanager 1.5
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.6.5
Kolja Schleich Leaguemanager 3.6
Kolja Schleich Leaguemanager 3.5.5
1 EDB exploit
1 Github repository
4.3
CVSSv2
CVE-2013-5711
Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin prior to 3.7 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the step parameter.
Slickremix Design Approval System Plugin 2.6
Slickremix Design Approval System Plugin 2.5
Slickremix Design Approval System Plugin 2.4
Slickremix Design Approval System Plugin 2.3
Slickremix Design Approval System Plugin 3.4
Slickremix Design Approval System Plugin 3.3
Slickremix Design Approval System Plugin 3.2
Slickremix Design Approval System Plugin 3.1
Slickremix Design Approval System Plugin 1.8
Slickremix Design Approval System Plugin 1.7
Slickremix Design Approval System Plugin 1.6
Slickremix Design Approval System Plugin 1.5
Slickremix Design Approval System Plugin 1.4
Slickremix Design Approval System Plugin 3.5
Slickremix Design Approval System Plugin 3.0
Slickremix Design Approval System Plugin 2.8
Slickremix Design Approval System Plugin 2.1
Slickremix Design Approval System Plugin 1.9
Slickremix Design Approval System Plugin 1.2
Slickremix Design Approval System Plugin 1.0
Slickremix Design Approval System Plugin
Slickremix Design Approval System Plugin 2.9
4.3
CVSSv2
CVE-2013-5714
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NO...
Videowhisper Live Streaming Integration Plugin 4.07
Videowhisper Live Streaming Integration Plugin 4.05
Videowhisper Live Streaming Integration Plugin 2.2
Videowhisper Live Streaming Integration Plugin 2.1
Videowhisper Live Streaming Integration Plugin
Videowhisper Live Streaming Integration Plugin 1.0.2
Videowhisper Live Streaming Integration Plugin 4.25
Videowhisper Live Streaming Integration Plugin 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »