Vulmon Recent Vulnerabilities Trends Blog About Contact

wordpress vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv2
CVE-2011-3130
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection....
5.8
CVSSv2
CVE-2011-3127
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site....
5
CVSSv2
CVE-2011-3126
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects....
10
CVSSv2
CVE-2011-3125
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."...
10
CVSSv2
CVE-2011-3122
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."...
4.3
CVSSv2
CVE-2018-5776
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement)....
9.3
CVSSv2
CVE-2011-3129
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames....
3.5
CVSSv2
CVE-2017-6817
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds....
4.3
CVSSv2
CVE-2017-6818
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names....
3.5
CVSSv2
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cpanelLFICVE-2020-26101cross-site scriptingdosCVE-2020-25223CVE-2020-1895CVE-2020-25747CVE-2020-15802CVE-2020-25134