Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.3.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters prior to 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
Icegram Email Subscribers \\& Newsletters
1 Github repository
7.5
CVSSv2
CVE-2015-2213
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress prior to 4.2.4 allows remote malicious users to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
Wordpress Wordpress
1 Article
6.8
CVSSv2
CVE-2016-10876
The wp-database-backup plugin prior to 4.3.1 for WordPress has CSRF.
Wpseeds Wp Database Backup
6.8
CVSSv2
CVE-2015-5731
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress prior to 4.2.4 allows remote malicious users to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-po...
Wordpress Wordpress
5.1
CVSSv2
CVE-2008-4107
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows malicious users to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset funct...
Php Php 4.4.7
Php Php 4.3.9
Php Php 4.3.8
Php Php 4.3.11
Php Php 4.3.10
Php Php 4.2.1
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.3
Php Php 4.4.6
Php Php 4.4.5
Php Php 4.3.7
Php Php 4.3.6
Php Php 4.3.1
Php Php 4.3.0
Php Php 4.1.0
Php Php 4.1.2
Php Php 4.0.7
Php Php 4.0.2
Php Php 4.0.1
Php Php 4.4.1
Php Php 4.4.0
5
CVSSv2
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
4.3
CVSSv2
CVE-2022-0313
The Float menu WordPress plugin prior to 4.3.1 does not have CSRF check in place when deleting menu, which could allow malicious users to make a logged in admin delete them via a CSRF attack
Wow-estore Float Menu
4.3
CVSSv2
CVE-2016-10875
The wp-database-backup plugin prior to 4.3.1 for WordPress has XSS.
Wpseeds Wp Database Backup
4.3
CVSSv2
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.3.1 allows remote malicious users to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
Wordpress Wordpress
9 Github repositories
4.3
CVSSv2
CVE-2015-5732
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a widget title.
Wordpress Wordpress
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »