Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2014-10387
The wp-support-plus-responsive-ticket-system plugin prior to 4.2 for WordPress has SQL injection.
Wpsupportplus Wp Support Plus Responsive Ticket System
9.8
CVSSv3
CVE-2014-10389
The wp-support-plus-responsive-ticket-system plugin prior to 4.2 for WordPress has incorrect authentication.
Wpsupportplus Wp Support Plus Responsive Ticket System
9.1
CVSSv3
CVE-2014-10390
The wp-support-plus-responsive-ticket-system plugin prior to 4.2 for WordPress has directory traversal.
Wpsupportplus Wp Support Plus Responsive Ticket System
8.8
CVSSv3
CVE-2022-1103
The Advanced Uploader WordPress plugin up to and including 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE
Advanced Uploader Project Advanced Uploader
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
6.1
CVSSv3
CVE-2023-3169
The tagDiv Composer WordPress plugin prior to 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated...
Tagdiv Tagdiv Composer
6.1
CVSSv3
CVE-2022-0892
The Export All URLs WordPress plugin prior to 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Atlasgondal Export All Urls
5.3
CVSSv3
CVE-2014-10388
The wp-support-plus-responsive-ticket-system plugin prior to 4.2 for WordPress has full path disclosure.
Wpsupportplus Wp Support Plus Responsive Ticket System
4.8
CVSSv3
CVE-2023-3170
The tagDiv Composer WordPress plugin prior to 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltere...
Tagdiv Tagdiv Composer
4.8
CVSSv3
CVE-2022-2628
The DSGVO All in one for WP WordPress plugin prior to 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in ...
Dsgvo-for-wp Dsgvo All In One For Wp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »