Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
wordpress vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename....
7.5
CVSSv2
CVE-2017-14723
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks....
1 Github repository available
1 Article available
4.3
CVSSv2
CVE-2017-14720
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name....
4.3
CVSSv2
CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name....
1 Github repository available
4.3
CVSSv2
CVE-2012-2404
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors....
10
CVSSv2
CVE-2012-2399
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a...
1 Github repository available
4.3
CVSSv2
CVE-2012-2403
wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors....
5
CVSSv2
CVE-2012-2401
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content....
10
CVSSv2
CVE-2012-2400
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors....
5.5
CVSSv2
CVE-2012-2402
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-28212
CVE-2020-4005
CVE-2020-12496
CVE-2020-22723
encryption
CVE-2017-5638
camera
suitecrm
validation
salesagility
CVE-2020-7553
« PREV
1
2
3
4
5
6
7
NEXT »
Vulmon