Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.7 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-16780
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authe...
Wordpress Wordpress
Wordpress Wordpress 3.7
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2.1
CVSSv2
CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress prior to 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Wordpress Wordpress
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
7.5
CVSSv2
CVE-2008-0682
SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin prior to 3.72 for Wordpress allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Wordpress Wordspew
Wordpress Wordspew 1.6
Wordpress Wordspew 1.7
Wordpress Wordspew 1.8
Wordpress Wordspew 2.0
Wordpress Wordspew 2.1
Wordpress Wordspew 2.2
Wordpress Wordspew 2.3
Wordpress Wordspew 2.5
Wordpress Wordspew 2.6
Wordpress Wordspew 2.7
Wordpress Wordspew 2.8
1 EDB exploit
4
CVSSv2
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 1.2.5
6.4
CVSSv2
CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.
Wordpress Wordpress
Wordpress Wordpress 0.71
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 1.2.4
Wordpress Wordpress 1.2.5
1 Github repository
5
CVSSv2
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
5
CVSSv2
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
1 Github repository
6.1
CVSSv3
CVE-2022-43497
Cross-site scripting vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Wordpress Wordpress
6.1
CVSSv3
CVE-2022-43500
Cross-site scripting vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Wordpress Wordpress
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
man-in-the-middle
firmware
CVE-2025-0199
CVE-2024-12701
CVE-2023-45866
CVE-2024-4367
memory leak
CVE-2025-0204
CVE-2024-53841
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »