Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
wordpress vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2016-7169
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter....
Wordpress
2 Github repositories available
6.8
CVSSv2
CVE-2014-5205
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack....
Wordpress
1 Github repository available
5
CVSSv2
CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring....
Wordpress
5
CVSSv2
CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as...
Wordpress
7.5
CVSSv2
CVE-2005-2108
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file....
Wordpress
1 EDB exploit available
4.3
CVSSv2
CVE-2017-8295
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be...
Wordpress
1 EDB exploit available
15 Github repositories available
2 Articles available
7.5
CVSSv2
CVE-2013-4339
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string....
Wordpress
5
CVSSv2
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times....
Wordpress
1 EDB exploit available
49 Github repositories available
1 Article available
7.5
CVSSv2
CVE-2008-2146
wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages....
Wordpress
6.8
CVSSv2
CVE-2007-6013
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash....
Wordpress
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-5596
XML injection
remote
CVE-2020-5902
CVE-2020-15570
man-in-the-middle
CVE-2020-5595
CVE-2020-9498
CVE-2020-15525
« PREV
1
2
3
4
5
6
7
NEXT »
Vulmon