Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2579
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) ...
Xcloner Xcloner
1 EDB exploit
NA
CVE-2011-3854
Cross-site scripting (XSS) vulnerability in the ZenLite theme prior to 4.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Quirm Zenlite
Quirm Zenlite 1.0
Quirm Zenlite 1.1
Quirm Zenlite 1.2
Quirm Zenlite 1.3
Quirm Zenlite 2.0
Quirm Zenlite 2.1
Quirm Zenlite 2.2
Quirm Zenlite 2.4
Quirm Zenlite 2.5
Quirm Zenlite 2.6
Quirm Zenlite 2.7
Quirm Zenlite 3.0
Quirm Zenlite 3.1
Quirm Zenlite 3.2
Quirm Zenlite 3.3
Quirm Zenlite 3.4
Quirm Zenlite 3.5
Quirm Zenlite 3.51
Quirm Zenlite 3.52
Quirm Zenlite 3.60
Quirm Zenlite 3.61
NA
CVE-2010-4403
The Register Plus plugin 3.5.1 and previous versions for WordPress allows remote malicious users to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.
Devbits Register-plus 3.4
Devbits Register-plus 3.3
Devbits Register-plus 2.7
Devbits Register-plus 2.6
Devbits Register-plus 1.2
Devbits Register-plus 1.1
Devbits Register-plus 3.5
Devbits Register-plus 3.4.1
Devbits Register-plus 3.0
Devbits Register-plus 2.9
Devbits Register-plus 2.8
Devbits Register-plus 2.1
Devbits Register-plus 2.0
Devbits Register-plus 3.2
Devbits Register-plus 3.1
Devbits Register-plus 2.5
Devbits Register-plus 2.4
Devbits Register-plus
Devbits Register-plus 3.0.2
Devbits Register-plus 3.0.1
Devbits Register-plus 2.3
Devbits Register-plus 2.2
NA
CVE-2010-4402
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) ...
Devbits Register-plus 3.4.1
Devbits Register-plus 3.4
Devbits Register-plus 2.8
Devbits Register-plus 2.7
Devbits Register-plus 2.0
Devbits Register-plus 1.2
Devbits Register-plus
Devbits Register-plus 3.5
Devbits Register-plus 3.0.1
Devbits Register-plus 3.0
Devbits Register-plus 2.9
Devbits Register-plus 2.2
Devbits Register-plus 2.1
Devbits Register-plus 3.3
Devbits Register-plus 3.2
Devbits Register-plus 2.6
Devbits Register-plus 2.5
Devbits Register-plus 1.1
Devbits Register-plus 3.1
Devbits Register-plus 3.0.2
Devbits Register-plus 2.4
Devbits Register-plus 2.3
9.8
CVSSv3
CVE-2022-3477
The tagDiv Composer WordPress plugin prior to 3.5, required by the Newspaper WordPress theme prior to 12.1 and Newsmag WordPress theme prior to 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated malicious users to login as any user by just kno...
Tagdiv Composer Project Tagdiv Composer
Newsmag Project Newsmag
Newspaper Project Newspaper
8.8
CVSSv3
CVE-2015-9322
The erident-custom-login-and-dashboard plugin prior to 3.5 for WordPress has CSRF.
Erident Custom Login And Dashboard Project Erident Custom Login And Dashboard
6.1
CVSSv3
CVE-2021-34664
The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the ~/Checkout/Checkout.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 3.5.
Moova Moova For Woocommerce
5.4
CVSSv3
CVE-2023-5232
The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for au...
Webguysaz Font Awesome More Icons
NA
CVE-2024-2801
The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This...
8.8
CVSSv3
CVE-2023-5465
The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
Gopiplus Popup With Fancybox
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »