Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.1 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-6635
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress prior to 4.5 allows remote malicious users to hijack the authentication of administrators for requests that change the script compression...
Wordpress Wordpress
6.1
CVSSv3
CVE-2016-5834
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress prior to 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016...
Wordpress Wordpress
6.1
CVSSv3
CVE-2017-14724
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
Wordpress Wordpress
6.1
CVSSv3
CVE-2016-1564
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress prior to 4.4.1 allow remote malicious users to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.
Wordpress Wordpress
8 Github repositories
6.1
CVSSv3
CVE-2017-14720
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.
Wordpress Wordpress
6.1
CVSSv3
CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
Wordpress Wordpress
1 Github repository
6.1
CVSSv3
CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
Wordpress Wordpress
6.1
CVSSv3
CVE-2015-8834
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress prior to 4.2.2 allows remote malicious users to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerabi...
Wordpress Wordpress
6.3
CVSSv3
CVE-2016-7169
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress prior to 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
Wordpress Wordpress
6.1
CVSSv3
CVE-2017-14718
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
Wordpress Wordpress
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »