Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2011-4669
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote malicious users to execute arbitrary SQL commands via the uid parameter to index.php.
Wordpress Wordpress-users 1.2
Wordpress Wordpress-users 0.9
Wordpress Wordpress-users 0.2
Wordpress Wordpress-users
Wordpress Wordpress-users 1.1
Wordpress Wordpress-users 1.0
4.3
CVSSv2
CVE-2006-1263
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress prior to 2.0.2 allow remote malicious users to inject arbitrary web script or HTML via unknown attack vectors.
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.5
Wordpress Wordpress 2.0
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.2
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.1
5.1
CVSSv2
CVE-2008-4106
WordPress prior to 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote malicious users to chang...
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.5-strayhorn
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.6
Wordpress Wordpress 0.71-gold
Wordpress Wordpress 1.5.1.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 1.0.1-miles
Wordpress Wordpress 1.0.2-blakey
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.1
6.8
CVSSv2
CVE-2006-1796
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions prior to 2.0.1, allows remote malicious users to inject arbitrary web script or HTML to Internet Explorer users via the reque...
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.2
Wordpress Wordpress
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0
4.3
CVSSv2
CVE-2008-5278
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress prior to 2.6.5 allows remote malicious users to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.0-platinum
Wordpress Wordpress 1.0.2-blakey
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.72
Wordpress Wordpress 2.5
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.2.0
5
CVSSv2
CVE-2013-7240
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the dew_file parameter.
Westerndeal Advanced Dewplayer 1.2
Wordpress Wordpress -
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2006-6808
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote malicious users to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-a...
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 1.5.2
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
1 EDB exploit
9.3
CVSSv2
CVE-2008-4769
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and previous versions, and 2.5, allows remote malicious users to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of ...
Wordpress Wordpress 1.2-delta
Wordpress Wordpress 2.1.3
Wordpress Wordpress 1.0.1-miles
Wordpress Wordpress 1.5-strayhorn
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.3
Wordpress Wordpress 1.2
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 2.2.2
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 0.7
Wordpress Wordpress 0.72
Wordpress Wordpress 1.4
Wordpress Wordpress 1.2-mingus
Wordpress Wordpress 2.2 Revision5002
Wordpress Wordpress 1.0.2-blakey
Wordpress Wordpress 1.5.1.1
1 EDB exploit
7.5
CVSSv2
CVE-2007-0233
wp-trackback.php in WordPress 2.0.6 and previous versions does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to execute arbitrary SQL commands vi...
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0.6
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.5
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
1 EDB exploit
4.3
CVSSv2
CVE-2007-1049
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 prior to 2.0.9 and 2.1 prior to 2.1.1 allows remote malicious users to inject arbitrary web script or HTML via the file parameter...
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.2
Wordpress Wordpress 2.0
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 1.2
Wordpress Wordpress 1.2.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »