Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.5 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2005-1688
Wordpress 1.5 and previous versions allows remote malicious users to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
Wordpress Wordpress
445
VMScore
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 2.6.91
Wpdownloadmanager Wordpress Download Manager 2.6.9
Wpdownloadmanager Wordpress Download Manager 2.6.2
Wpdownloadmanager Wordpress Download Manager 2.6.1
Wpdownloadmanager Wordpress Download Manager 2.5.93
Wpdownloadmanager Wordpress Download Manager 2.5.92
Wpdownloadmanager Wordpress Download Manager 2.5.4
Wpdownloadmanager Wordpress Download Manager 2.5.3
Wpdownloadmanager Wordpress Download Manager 2.4.6
Wpdownloadmanager Wordpress Download Manager 2.4.5
Wpdownloadmanager Wordpress Download Manager 2.3.7
Wpdownloadmanager Wordpress Download Manager 2.3.6
Wpdownloadmanager Wordpress Download Manager 2.2.9
Wpdownloadmanager Wordpress Download Manager 2.2.8
Wpdownloadmanager Wordpress Download Manager 2.2.1
Wpdownloadmanager Wordpress Download Manager 2.2.0
Wpdownloadmanager Wordpress Download Manager 2.1.3
Wpdownloadmanager Wordpress Download Manager 2.0.16
Wpdownloadmanager Wordpress Download Manager 2.0.15
Wpdownloadmanager Wordpress Download Manager 2.0.8
Wpdownloadmanager Wordpress Download Manager 2.0.7
Wpdownloadmanager Wordpress Download Manager 1.5.33
605
VMScore
CVE-2013-2705
Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin prior to 3.6 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change plugin settings.
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.1
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.5
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.3
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.1
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.4
605
VMScore
CVE-2007-6013
Wordpress 1.5 up to and including 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows malicious users to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Wordpress Wordpress
Fedoraproject Fedora 8
Fedoraproject Fedora 7
383
VMScore
CVE-2008-0197
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and previous versions plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, ...
Wordpress Wp-contactform
312
VMScore
CVE-2021-24718
The Contact Form, Survey & Popup Form Plugin for WordPress plugin prior to 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Reputeinfosystems Contact Form\\, Survey \\& Popup Form Plugin For Wordpress - Arforms Form Builder
655
VMScore
CVE-2014-8375
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
Gb-plugins Gb Gallery Slideshow 1.5
1 EDB exploit
450
VMScore
CVE-2012-1835
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) befor...
Timely All-in-one Event Calendar 1.5
Timely All-in-one Event Calendar 1.4
4 EDB exploits
355
VMScore
CVE-2012-5388
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a relate...
Videousermanuals White-label-cms 1.5
1 EDB exploit
755
VMScore
CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x prior to 1.5.5 of WordPress allows remote malicious users to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
Buddypress Buddypress 1.5
Buddypress Buddypress 1.5.2
Buddypress Buddypress 1.5.3
Buddypress Buddypress 1.5.3.1
Buddypress Buddypress 1.5.4
Buddypress Buddypress 1.5.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »