Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.3.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-3128
WordPress 3.1 prior to 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote malicious users to obtain sensitive data via vectors related to wp-includes/post.php.
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.2
NA
CVE-2011-3129
The file upload functionality in WordPress 3.1 prior to 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.2
NA
CVE-2011-3127
WordPress 3.1 prior to 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.2
1 Github repository
NA
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
NA
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
2 Github repositories
NA
CVE-2013-2705
Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin prior to 3.6 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change plugin settings.
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.3
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.5
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.1
NA
CVE-2015-6535
Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin prior to 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter).
Youtube Embed Project Youtube Embed
3 Github repositories
NA
CVE-2013-3526
Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and previous versions, for WordPress allows remote malicious users to inject arbitrary web script or HTML via the aoid parameter.
Wptrafficanalyzer Trafficanalyzer 1.0.0
Wptrafficanalyzer Trafficanalyzer 1.1.0
Wptrafficanalyzer Trafficanalyzer 1.1.1
Wptrafficanalyzer Trafficanalyzer 1.1.2
Wptrafficanalyzer Trafficanalyzer 1.1.3
Wptrafficanalyzer Trafficanalyzer 1.2.0
Wptrafficanalyzer Trafficanalyzer 1.3.0
Wptrafficanalyzer Trafficanalyzer 1.4.0
Wptrafficanalyzer Trafficanalyzer 1.5.0
Wptrafficanalyzer Trafficanalyzer 1.6.0
Wptrafficanalyzer Trafficanalyzer 1.6.1
Wptrafficanalyzer Trafficanalyzer 1.7.0
1 EDB exploit
NA
CVE-2013-5962
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin prior to 3.3.4 rev40279 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
Envato Complete Gallery Manager Plugin
Envato Complete Gallery Manager Plugin 1.0.0
Envato Complete Gallery Manager Plugin 1.0.1
Envato Complete Gallery Manager Plugin 1.0.2
Envato Complete Gallery Manager Plugin 2.0.0
Envato Complete Gallery Manager Plugin 2.0.1
Envato Complete Gallery Manager Plugin 2.0.2
Envato Complete Gallery Manager Plugin 2.0.3
Envato Complete Gallery Manager Plugin 3.0.0
Envato Complete Gallery Manager Plugin 3.0.1
Envato Complete Gallery Manager Plugin 3.1.0
Envato Complete Gallery Manager Plugin 3.1.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-54130
firmware
CVE-2024-42327
CVE-2024-42448
CVE-2024-54126
CVE-2024-53846
CVE-2024-38920
XPath injection
HTML injection
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »