Vulmon
wordpress wordpress 0.7 vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-1002016
Vulnerability in WordPress plugin flickr-picture-backup v0.7: the code in flickr-picture-download.php doesn't check whether the user is authenticated or has permission to upload files.
Flickr Picture Backup Project Flickr Picture Backup 0.7
7.5
CVSSv3
CVE-2015-9464
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
S3bubble S3bubble-amazon-s3-html-5-video-with-adverts 0.7
7.5
CVSSv3
CVE-2015-1000006
Remote file download vulnerability in the recent-backups v0.7 WordPress plugin.
Recent-backups Project Recent-backups 0.7
6.1
CVSSv3
CVE-2016-10969
The supportflow plugin prior to 0.7 for WordPress has XSS via a discussion ticket title.
Supportflow Project Supportflow
6.1
CVSSv3
CVE-2016-10970
The supportflow plugin prior to 0.7 for WordPress has XSS via a ticket excerpt.
Supportflow Project Supportflow
5.4
CVSSv3
CVE-2021-24559
The Qyrr WordPress plugin prior to 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the data_uri_to_meta AJAX action, available to all authenticated users, only had a CSRF check in place...
Patrickposner Qyrr
4.3
CVSSv3
CVE-2022-1846
The Tiny Contact Form WordPress plugin up to and including 0.7 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack.
Tiny Contact Form Project Tiny Contact Form
NA
CVE-2014-9393
Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) id...
Post To Twitter Project Post To Twitter
NA
CVE-2014-9401
Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa...
Wp Limit Posts Automatically Project Wp Limit Posts Automatically
NA
CVE-2003-1598
SQL injection vulnerability in log.header.php in WordPress 0.7 and previous versions allows remote malicious users to execute arbitrary SQL commands via the posts variable.
Wordpress Wordpress