Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
wordpress vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other...
5
CVSSv2
CVE-2017-9062
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API....
2 Github repositories available
5
CVSSv2
CVE-2017-9065
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API....
1 Github repository available
4.3
CVSSv2
CVE-2017-9063
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session....
1 Github repository available
4.3
CVSSv2
CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename....
9 Github repositories available
6.8
CVSSv2
CVE-2017-9064
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials....
2 Github repositories available
5
CVSSv2
CVE-2017-9066
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF....
2 Github repositories available
4.3
CVSSv2
CVE-2011-4956
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....
5
CVSSv2
CVE-2011-4957
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many...
5
CVSSv2
CVE-2011-3128
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cpanel
LFI
CVE-2020-26101
cross-site scripting
dos
CVE-2020-25223
CVE-2020-1895
CVE-2020-25747
CVE-2020-15802
CVE-2020-25134
« PREV
1
2
3
4
5
6
7
8
9
NEXT »
Vulmon