Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
wordpress vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2016-9263
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file....
Wordpress
4.3
CVSSv2
CVE-2019-20042
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions...
Wordpress
2 Github repositories available
4.3
CVSSv2
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags....
Wordpress
14 Github repositories available
4.3
CVSSv2
CVE-2005-2107
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter....
Wordpress
7.5
CVSSv2
CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter....
Wordpress
1 EDB exploit available
1 Github repository available
4.3
CVSSv2
CVE-2008-1304
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php....
Wordpress
2 EDB exploits available
5
CVSSv2
CVE-2016-5839
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors....
Wordpress
4.3
CVSSv2
CVE-2013-2202
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Wordpress
5
CVSSv2
CVE-2011-3818
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files....
Wordpress
6.8
CVSSv2
CVE-2013-7233
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list....
Wordpress
1 EDB exploit available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-11061
mods for hesk
CVE-2020-8193
remote attackers
CVE-2020-8558
reflected XSS
CVE-2020-7693
administrator privileges
mods-for-hesk
CVE-2020-15526
CVE-2020-7457
« PREV
1
2
3
4
5
6
7
8
9
NEXT »
Vulmon