Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.3.1 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 1.2.5
6.4
CVSSv2
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 1.2.5
1 Github repository
4.9
CVSSv2
CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU prior to 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote malicious users to specify a configuration file in the page parameter to obtain sensitive information or mod...
Wordpress Wordpress
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 0.71-gold
Wordpress Wordpress 0.72
Wordpress Wordpress 0.711
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0-platinum
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.1-miles
1 EDB exploit
5
CVSSv2
CVE-2009-2432
WordPress and WordPress MU prior to 2.8.1 allow remote malicious users to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Wordpress Wordpress
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 0.71-gold
Wordpress Wordpress 0.72
Wordpress Wordpress 0.711
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0-platinum
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.1-miles
5
CVSSv2
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 1.1
Wpdownloadmanager Wordpress Download Manager 1.2
Wpdownloadmanager Wordpress Download Manager 1.2.1
Wpdownloadmanager Wordpress Download Manager 1.2.2
Wpdownloadmanager Wordpress Download Manager 1.2.3
Wpdownloadmanager Wordpress Download Manager 1.2.4
Wpdownloadmanager Wordpress Download Manager 1.2.5
Wpdownloadmanager Wordpress Download Manager 1.3
Wpdownloadmanager Wordpress Download Manager 1.4
Wpdownloadmanager Wordpress Download Manager 1.5
Wpdownloadmanager Wordpress Download Manager 1.5.1
Wpdownloadmanager Wordpress Download Manager 1.5.2
6.8
CVSSv2
CVE-2007-6013
Wordpress 1.5 up to and including 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows malicious users to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Wordpress Wordpress
Fedoraproject Fedora 7
Fedoraproject Fedora 8
9.8
CVSSv3
CVE-2022-45370
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a up to and including 2.3.1.
Webtoffee Wordpress Comments Import And Export
4.3
CVSSv2
CVE-2013-4117
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the ID parameter.
Anshul Sharma Category-grid-view-gallery 2.3.1
1 EDB exploit
7.5
CVSSv2
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate
Adrotateplugin Adrotate 0.1
Adrotateplugin Adrotate 0.2
Adrotateplugin Adrotate 0.3
Adrotateplugin Adrotate 0.4
Adrotateplugin Adrotate 0.5
Adrotateplugin Adrotate 0.6
Adrotateplugin Adrotate 0.7
Adrotateplugin Adrotate 0.7.1
Adrotateplugin Adrotate 0.8
Adrotateplugin Adrotate 1.0
Adrotateplugin Adrotate 2.0
2 EDB exploits
5
CVSSv2
CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon prior to 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 and other products, does not properly handle control charact...
Tinymce Spellchecker Php 2.0
Tinymce Spellchecker Php 2.0.1
Tinymce Spellchecker Php 2.0.2
Tinymce Spellchecker Php 2.0.3
Tinymce Spellchecker Php 2.0.6
Moodle Moodle 2.1.0
Moodle Moodle 2.1.1
Moodle Moodle 2.1.2
Moodle Moodle 2.1.3
Moodle Moodle 2.1.4
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-0575
CVE-2024-55591
CVE-2024-41742
com.transsion.carlcare
CVE-2024-57926
code injection
CVE-2024-12365
tenda
insecure direct object reference
CVE-2024-13433
tduck-platform
code-projects
XML injection
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »