Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.0.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2340
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin prior to 3.1.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
Xcloner Xcloner
Xcloner Xcloner 2.1.2
Xcloner Xcloner 3.0
Xcloner Xcloner 3.0.3
Xcloner Xcloner 3.0.1
Xcloner Xcloner 3.0.6
Xcloner Xcloner 3.0.8
Xcloner Xcloner 3.0.7
Xcloner Xcloner 3.0.5
Xcloner Xcloner 3.0.2
Xcloner Xcloner 3.0.4
Xcloner Xcloner 2.2.1
Xcloner Xcloner 2.1
1 EDB exploit
NA
CVE-2013-4626
Cross-site scripting (XSS) vulnerability in the BackWPup plugin prior to 3.0.13 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php.
Marketpress Backwpup Plugin 3.0.7
Marketpress Backwpup Plugin 3.0.6
Marketpress Backwpup Plugin 3.0.5
Marketpress Backwpup Plugin 3.0.4
Marketpress Backwpup Plugin 3.0
Marketpress Backwpup Plugin
Marketpress Backwpup Plugin 3.0.10
Marketpress Backwpup Plugin 3.0.8
Marketpress Backwpup Plugin 3.0.3
Marketpress Backwpup Plugin 3.0.1
Marketpress Backwpup Plugin 3.0.11
Marketpress Backwpup Plugin 3.0.9
Marketpress Backwpup Plugin 3.0.2
NA
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate 3.6.3
Adrotateplugin Adrotate 3.6.2
Adrotateplugin Adrotate 3.3
Adrotateplugin Adrotate 3.2.2
Adrotateplugin Adrotate 3.0.1
Adrotateplugin Adrotate 3.0
Adrotateplugin Adrotate 2.4.1
Adrotateplugin Adrotate 2.4
Adrotateplugin Adrotate 1.0
Adrotateplugin Adrotate 0.8
Adrotateplugin Adrotate 0.2
Adrotateplugin Adrotate 0.1
Adrotateplugin Adrotate
Adrotateplugin Adrotate 3.6.6
Adrotateplugin Adrotate 3.5.1
Adrotateplugin Adrotate 3.5
Adrotateplugin Adrotate 3.1.1
Adrotateplugin Adrotate 3.1
Adrotateplugin Adrotate 2.5
Adrotateplugin Adrotate 2.4.4
Adrotateplugin Adrotate 2.2
Adrotateplugin Adrotate 2.1
2 EDB exploits
NA
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 3.4.2
Kolja Schleich Leaguemanager 3.1.7
Kolja Schleich Leaguemanager 3.1.6
Kolja Schleich Leaguemanager 3.1.5
Kolja Schleich Leaguemanager 3.1.4
Kolja Schleich Leaguemanager 2.9
Kolja Schleich Leaguemanager 2.8
Kolja Schleich Leaguemanager 2.7.1
Kolja Schleich Leaguemanager 2.1
Kolja Schleich Leaguemanager 2.0
Kolja Schleich Leaguemanager 1.5
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.6.5
Kolja Schleich Leaguemanager 3.6
Kolja Schleich Leaguemanager 3.5.5
1 EDB exploit
1 Github repository
NA
CVE-2013-3526
Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and previous versions, for WordPress allows remote malicious users to inject arbitrary web script or HTML via the aoid parameter.
Wptrafficanalyzer Trafficanalyzer 3.3.2
Wptrafficanalyzer Trafficanalyzer 3.0.1
Wptrafficanalyzer Trafficanalyzer 3.0.0
Wptrafficanalyzer Trafficanalyzer 2.7.0
Wptrafficanalyzer Trafficanalyzer 2.6.0
Wptrafficanalyzer Trafficanalyzer 2.2.1
Wptrafficanalyzer Trafficanalyzer 2.2.0
Wptrafficanalyzer Trafficanalyzer 1.5.0
Wptrafficanalyzer Trafficanalyzer 1.4.0
Wptrafficanalyzer Trafficanalyzer 1.0.0
Wptrafficanalyzer Trafficanalyzer 3.2.1
Wptrafficanalyzer Trafficanalyzer 3.2.0
Wptrafficanalyzer Trafficanalyzer 3.1.0
Wptrafficanalyzer Trafficanalyzer 2.8.2
Wptrafficanalyzer Trafficanalyzer 2.8.1
Wptrafficanalyzer Trafficanalyzer 2.5.0
Wptrafficanalyzer Trafficanalyzer 2.4.1
Wptrafficanalyzer Trafficanalyzer 1.8.0
Wptrafficanalyzer Trafficanalyzer 1.7.0
Wptrafficanalyzer Trafficanalyzer 1.1.3
Wptrafficanalyzer Trafficanalyzer 1.1.2
Wptrafficanalyzer Trafficanalyzer 3.0.3
1 EDB exploit
NA
CVE-2013-5962
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin prior to 3.3.4 rev40279 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
Envato Complete Gallery Manager Plugin 3.3.2
Envato Complete Gallery Manager Plugin 3.3.1
Envato Complete Gallery Manager Plugin 3.2.2
Envato Complete Gallery Manager Plugin 3.2.1
Envato Complete Gallery Manager Plugin 2.0.2
Envato Complete Gallery Manager Plugin 2.0.1
Envato Complete Gallery Manager Plugin 3.2.6
Envato Complete Gallery Manager Plugin 3.2.5
Envato Complete Gallery Manager Plugin 3.1.0
Envato Complete Gallery Manager Plugin 3.0.1
Envato Complete Gallery Manager Plugin 1.0.1
Envato Complete Gallery Manager Plugin 1.0.0
Envato Complete Gallery Manager Plugin 3.3.0
Envato Complete Gallery Manager Plugin 3.2.8
Envato Complete Gallery Manager Plugin 3.2.7
Envato Complete Gallery Manager Plugin 3.2.0
Envato Complete Gallery Manager Plugin 3.1.1
Envato Complete Gallery Manager Plugin 2.0.0
Envato Complete Gallery Manager Plugin 1.0.2
Envato Complete Gallery Manager Plugin
Envato Complete Gallery Manager Plugin 3.2.4
Envato Complete Gallery Manager Plugin 3.2.3
1 EDB exploit
NA
CVE-2013-5020
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB prior to 3.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is alread...
Minibb Minibb
1 EDB exploit
9.8
CVSSv3
CVE-2021-24284
The Kaswara Modern VC Addons WordPress plugin up to and including 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malic...
Kaswara Project Kaswara
1 Github repository
1 Article
NA
CVE-2013-6342
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin prior to 4.0.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
Tweet-blender Tweet-blender
Tweet-blender Tweet-blender 4.0.0
Tweet-blender Tweet-blender 3.3.15
Tweet-blender Tweet-blender 3.3.14
Tweet-blender Tweet-blender 3.3.0
Tweet-blender Tweet-blender 3.2.4
Tweet-blender Tweet-blender 3.2.3
Tweet-blender Tweet-blender 3.2.2
Tweet-blender Tweet-blender 3.1.8
Tweet-blender Tweet-blender 3.1.7
Tweet-blender Tweet-blender 3.1.6
Tweet-blender Tweet-blender 3.1.5
Tweet-blender Tweet-blender 3.1.4
Tweet-blender Tweet-blender 3.0.0
Tweet-blender Tweet-blender 2.4.7
Tweet-blender Tweet-blender 2.4.6
Tweet-blender Tweet-blender 2.4.5
Tweet-blender Tweet-blender 2.0.4
Tweet-blender Tweet-blender 2.0.3
Tweet-blender Tweet-blender 2.0.2
Tweet-blender Tweet-blender 2.0.1
Tweet-blender Tweet-blender 3.3.9
NA
CVE-2012-4283
Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin prior to 3.0.4.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the callback parameter.
Netweblogic Login With Ajax 3.0.1
Netweblogic Login With Ajax 2.21
Netweblogic Login With Ajax 2.1.1
Netweblogic Login With Ajax
Netweblogic Login With Ajax 3.0.3
Netweblogic Login With Ajax 3.0.2
Netweblogic Login With Ajax 2.2
Netweblogic Login With Ajax 2.1.5
Netweblogic Login With Ajax 2.1.4
Netweblogic Login With Ajax 2.1.3
Netweblogic Login With Ajax 2.1.2
Netweblogic Login With Ajax 3.0
Netweblogic Login With Ajax 3.0b
Netweblogic Login With Ajax 2.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »