Vulmon
wordpress vulnerabilities and exploits
10
CVSSv3
CVE-2024-3094
Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific fun...
Tukaani Xz 5.6.1
Tukaani Xz 5.6.0
77 Github repositories
6 Articles
10
CVSSv3
CVE-2020-35489
The contact-form-7 (aka Contact Form 7) plugin prior to 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
Rocklobster Contact Form 7
5 Github repositories
10
CVSSv3
CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 up to and including 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Gvectors Wpdiscuz
7 Github repositories
10
CVSSv3
CVE-2019-16932
A blind SSRF vulnerability exists in the Visualizer plugin prior to 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
Themeisle Visualizer
10
CVSSv3
CVE-2016-10927
The nelio-ab-testing plugin prior to 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
Neliosoftware Nelio Ab Testing
10
CVSSv3
CVE-2016-10926
The nelio-ab-testing plugin prior to 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
Neliosoftware Nelio Ab Testing
10
CVSSv3
CVE-2017-12542
An authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version before 2.53 was found.
Hp Integrated Lights-out 4 Firmware
1 EDB exploit
24 Github repositories
9.9
CVSSv3
CVE-2024-3342
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied paramete...
9.9
CVSSv3
CVE-2023-3342
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticate...
Wpeverest User Registration
9.9
CVSSv3
CVE-2020-35951
An issue exists in the Quiz and Survey Master plugin prior to 7.0.1 for WordPress. It allows users to delete arbitrary files such as the wp-config.php file, which could effectively take a site offline and allow a malicious user to reinstall with a WordPress instance under their cont...
Expresstech Quiz And Survey Master