Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
wordpress vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags....
Wordpress
14 Github repositories available
5
CVSSv2
CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring....
Wordpress
4
CVSSv2
CVE-2015-5715
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors....
Wordpress
11 Github repositories available
2.1
CVSSv2
CVE-2010-5297
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances...
Wordpress
1 Github repository available
4.3
CVSSv2
CVE-2005-2107
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter....
Wordpress
5
CVSSv2
CVE-2006-3389
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the...
Wordpress
5
CVSSv2
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times....
Wordpress
1 EDB exploit available
40 Github repositories available
1 Article available
10
CVSSv2
CVE-2012-2399
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a...
Wordpress
2 Github repositories available
7.5
CVSSv2
CVE-2008-1930
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering...
Wordpress
2 Github repositories available
5
CVSSv2
CVE-2014-6412
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach....
Wordpress
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-1630
CVE-2020-0674
CVE-2018-21038
bypass
CVE-2020-1987
CVE-2020-1988
insecure direct object reference
race condition
CVE-2020-6819
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »
Vulmon