Vulmon
wordpress wordpress 3.6.1 vulnerabilities and exploits
605
VMScore
CVE-2015-5731
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress prior to 4.2.4 allows remote malicious users to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-po...
Wordpress Wordpress
383
VMScore
CVE-2015-5732
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a widget title.
Wordpress Wordpress
1 Github repository
385
VMScore
CVE-2015-5734
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a crafted string.
Wordpress Wordpress
5 Github repositories
312
VMScore
CVE-2015-7989
Cross-site scripting (XSS) vulnerability in the user list table in WordPress prior to 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
Wordpress Wordpress
2 Github repositories
316
VMScore
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-i...
Wordpress Wordpress
Debian Debian Linux 8.0
13 Github repositories
439
VMScore
CVE-2015-3440
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress prior to 4.2.1 allows remote malicious users to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Wordpress Wordpress
1 EDB exploit
14 Github repositories
383
VMScore
CVE-2015-3438
Multiple cross-site scripting (XSS) vulnerabilities in WordPress prior to 4.1.2, when MySQL is used without strict mode, allow remote malicious users to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database laye...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 7.0
760
VMScore
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate 3.6.3
Adrotateplugin Adrotate 3.6.2
Adrotateplugin Adrotate 3.3
Adrotateplugin Adrotate 3.2.2
Adrotateplugin Adrotate 3.0.1
Adrotateplugin Adrotate 3.0
Adrotateplugin Adrotate 2.4.1
Adrotateplugin Adrotate 2.4
Adrotateplugin Adrotate 1.0
Adrotateplugin Adrotate 0.8
Adrotateplugin Adrotate 0.2
Adrotateplugin Adrotate 0.1
Adrotateplugin Adrotate
Adrotateplugin Adrotate 3.6.6
Adrotateplugin Adrotate 3.5.1
Adrotateplugin Adrotate 3.5
Adrotateplugin Adrotate 3.1.1
Adrotateplugin Adrotate 3.1
Adrotateplugin Adrotate 2.5
Adrotateplugin Adrotate 2.4.4
Adrotateplugin Adrotate 2.2
Adrotateplugin Adrotate 2.1
2 EDB exploits
435
VMScore
CVE-2011-3850
Cross-site scripting (XSS) vulnerability in the Atahualpa theme prior to 3.6.8 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Bytesforall Atahualpa
Bytesforall Atahualpa 2.0
Bytesforall Atahualpa 2.01
Bytesforall Atahualpa 2.2
Bytesforall Atahualpa 2.21
Bytesforall Atahualpa 3.1
Bytesforall Atahualpa 3.1.1
Bytesforall Atahualpa 3.1.2
Bytesforall Atahualpa 3.1.3
Bytesforall Atahualpa 3.1.4
Bytesforall Atahualpa 3.1.5
Bytesforall Atahualpa 3.1.6
Bytesforall Atahualpa 3.1.8
Bytesforall Atahualpa 3.1.9
Bytesforall Atahualpa 3.2
Bytesforall Atahualpa 3.4
Bytesforall Atahualpa 3.4.01
Bytesforall Atahualpa 3.4.1
Bytesforall Atahualpa 3.4.3
Bytesforall Atahualpa 3.4.4
Bytesforall Atahualpa 3.4.5
Bytesforall Atahualpa 3.4.6
1 EDB exploit
755
VMScore
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 3.4.2
Kolja Schleich Leaguemanager 3.1.7
Kolja Schleich Leaguemanager 3.1.6
Kolja Schleich Leaguemanager 3.1.5
Kolja Schleich Leaguemanager 3.1.4
Kolja Schleich Leaguemanager 2.9
Kolja Schleich Leaguemanager 2.8
Kolja Schleich Leaguemanager 2.7.1
Kolja Schleich Leaguemanager 2.1
Kolja Schleich Leaguemanager 2.0
Kolja Schleich Leaguemanager 1.5
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.6.5
Kolja Schleich Leaguemanager 3.6
Kolja Schleich Leaguemanager 3.5.5
1 EDB exploit
1 Github repository