Vulmon
wordpress wordpress 2.8 vulnerabilities and exploits
6.8
CVSSv2
CVE-2012-1936
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and previous versions associates a nonce with a user account instead of a user session, which might make it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks on speci...
Wordpress Wordpress
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 1.2.5
Wordpress Wordpress 1.3
1 EDB exploit
4
CVSSv2
CVE-2012-4421
The create_post function in wp-includes/class-wp-atom-server.php in WordPress prior to 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the ...
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 1.2.5
3.5
CVSSv2
CVE-2012-4422
wp-admin/plugins.php in WordPress prior to 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin ...
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 1.2.5
5
CVSSv2
CVE-2012-2401
Plupload prior to 1.5.4, as used in wp-includes/js/plupload/ in WordPress prior to 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote malicious users to bypass the Same Origin Policy via crafted content.
Moxiecode Plupload
Moxiecode Plupload 1.4.0
Moxiecode Plupload 1.4.1
Moxiecode Plupload 1.4.2
Moxiecode Plupload 1.4.3
Moxiecode Plupload 1.5.0
Moxiecode Plupload 1.5.1
Moxiecode Plupload 1.5.2
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
4.3
CVSSv2
CVE-2013-0237
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload prior to 1.5.5, as used in WordPress prior to 3.5.1 and other products, allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Moxiecode Plupload
Moxiecode Plupload 1.4.0
Moxiecode Plupload 1.4.1
Moxiecode Plupload 1.4.2
Moxiecode Plupload 1.4.3
Moxiecode Plupload 1.5.0
Moxiecode Plupload 1.5.1
Moxiecode Plupload 1.5.2
Moxiecode Plupload 1.5.3
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
4
CVSSv2
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 1.2.5
6.4
CVSSv2
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 1.2.5
1 Github repository
6.8
CVSSv2
CVE-2013-2705
Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin prior to 3.6 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change plugin settings.
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.3
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.5
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.1
7.5
CVSSv2
CVE-2015-2065
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin prior to 2.8 for WordPress allows remote malicious users to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
Apptha Wordpress Video Gallery
1 EDB exploit
4.3
CVSSv2
CVE-2011-3862
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme prior to 3.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Adazing Morning Coffee
Adazing Morning Coffee 2.7
Adazing Morning Coffee 2.8
Adazing Morning Coffee 2.9
Adazing Morning Coffee 3.0
Adazing Morning Coffee 3.1
Adazing Morning Coffee 3.2
Adazing Morning Coffee 3.4
1 EDB exploit