wordpress vulnerabilities and exploits

(subscribe to this query)

3.5

CVSSv2

wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin...

Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.3.1 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.1 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.3 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.8 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.7.1 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 1.2 Wordpress Wordpress 1.0 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.2.5 Wordpress Wordpress 3.1.3 Wordpress Wordpress 3.1.4 Wordpress Wordpress 3.1.1 Wordpress Wordpress 3.1.2 Wordpress Wordpress 3.0.1 Wordpress Wordpress 3.0 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.6 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.9.2 Wordpress Wordpress 2.7 Wordpress Wordpress 2.9 Wordpress Wordpress 1.5.1.1 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 1.5.2 Wordpress Wordpress 1.5 Wordpress Wordpress 1.3.3 Wordpress Wordpress 1.3 Wordpress Wordpress 1.3.2 Wordpress Wordpress 0.71 Wordpress Wordpress 3.3 Wordpress Wordpress 3.3.1 Wordpress Wordpress 3.3.3 Wordpress Wordpress 3.3.2 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.2.2 Wordpress Wordpress 1.2.3 Wordpress Wordpress 1.1.1 Wordpress Wordpress 3.0.3 Wordpress Wordpress 3.0.5 Wordpress Wordpress 3.0.6 Wordpress Wordpress 3.1 Wordpress Wordpress 3.2 Wordpress Wordpress Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.2 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.0 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.9.1 Wordpress Wordpress 2.5 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 2.8.2 Wordpress Wordpress 1.2.1 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.2.4 Wordpress Wordpress 3.0.2 Wordpress Wordpress 3.0.4 Wordpress Wordpress 3.2.1 Wordpress Wordpress 3.4.0

6.4

CVSSv2

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue....

Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.3 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.5 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.7.1 Wordpress Wordpress Wordpress Wordpress 2.0.11 Wordpress Wordpress 1.6.2 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.4 Wordpress Wordpress 1.2.1 Wordpress Wordpress 0.71 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.8.1 Wordpress Wordpress 1.0.1 Wordpress Wordpress 2.9 Wordpress Wordpress 2.3.1 Wordpress Wordpress 1.0.2 Wordpress Wordpress 3.3.2 Wordpress Wordpress 2.6.1 Wordpress Wordpress 1.2 Wordpress Wordpress 2.9.2 Wordpress Wordpress 1.2.2 Wordpress Wordpress 1.5 Wordpress Wordpress 1.5.1 Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 1.3 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 1.2.3 Wordpress Wordpress 3.4.0 Wordpress Wordpress 1.3.3 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.0 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.1 Wordpress Wordpress 1.1.1 Wordpress Wordpress 1.2.4 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.2 Wordpress Wordpress 1.3.2 Wordpress Wordpress 2.8 Wordpress Wordpress 3.3.3 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.1.2 Wordpress Wordpress 1.2.5 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.3.3 Wordpress Wordpress 1.5.1.1 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.7 Wordpress Wordpress 1.5.2 Wordpress Wordpress 2.5.1 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 3.3.1 Wordpress Wordpress 2.9.1 Wordpress Wordpress 1.0 Wordpress Wordpress 3.3 Wordpress Wordpress 2.8.2 Wordpress Wordpress 3.4.2 Wordpress Wordpress 3.4.1 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 2.61 Metasploit module available1 Github repository available

6.5

CVSSv2

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role....

Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.3 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.8 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.2 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.0 Wordpress Wordpress 2.1.1 Wordpress Wordpress 1.2.4 Wordpress Wordpress 2.8.4 Wordpress Wordpress 1.2.1 Wordpress Wordpress 3.0 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.1.2 Wordpress Wordpress 3.0.1 Wordpress Wordpress 1.2.5 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.0.5 Wordpress Wordpress Wordpress Wordpress 2.7 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.9.2 Wordpress Wordpress 2.5 Wordpress Wordpress 2.9.1 Wordpress Wordpress 1.5 Wordpress Wordpress 2.8.2 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.6 Wordpress Wordpress 1.2.3 Wordpress Wordpress 1.3.3 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.1 Wordpress Wordpress 1.1.1 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.4 Wordpress Wordpress 1.3.2 Wordpress Wordpress 2.7.1 Wordpress Wordpress 0.71 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.2.2 Wordpress Wordpress 1.5.1.1 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.2.1 Wordpress Wordpress 1.5.2 Wordpress Wordpress 1.0.1 Wordpress Wordpress 2.9 Wordpress Wordpress 2.3.1 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.2 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 1.2.2 Wordpress Wordpress 1.0 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 1.3 Wordpress Wordpress 2.8.5

7.5

CVSSv2

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file....

Wordpress Wordpress 1.0 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.5 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.21 EDB exploit available

4.3

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter....

Wordpress Wordpress 1.0 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.5 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.2

4.3

CVSSv2

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors....

Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.0.8 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.0.4 Wordpress Wordpress 3.0.3 Wordpress Wordpress 2.8.3 Wordpress Wordpress 3.0.5 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.2.2 Wordpress Wordpress 3.0.1 Wordpress Wordpress 1.0.2 Wordpress Wordpress 2.9 Wordpress Wordpress 1.2.5 Wordpress Wordpress 2.5 Wordpress Wordpress 2.7.1 Wordpress Wordpress 3.1.2 Wordpress Wordpress 1.3.2 Wordpress Wordpress Wordpress Wordpress 2.2 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.1 Wordpress Wordpress 2.8.2 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.8.4 Wordpress Wordpress 3.0.6 Wordpress Wordpress 1.5 Wordpress Wordpress 2.9.2 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.0 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.2.4 Wordpress Wordpress 3.1.3 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 1.3.3 Wordpress Wordpress 2.8 Wordpress Wordpress 2.0.9 Wordpress Wordpress 1.5.2 Wordpress Wordpress 2.0 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.6.3 Wordpress Wordpress 3.1 Wordpress Wordpress 3.0.2 Wordpress Wordpress 3.0 Wordpress Wordpress 1.2 Wordpress Wordpress 2.9.1 Wordpress Wordpress 1.2.3 Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 3.0.4 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.2.3 Wordpress Wordpress 1.5.1.1 Wordpress Wordpress 2.3.1 Wordpress Wordpress 3.3 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.7 Wordpress Wordpress 2.3 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.6 Wordpress Wordpress 1.2.1 Wordpress Wordpress 1.2.2 Wordpress Wordpress 2.6.5 Wordpress Wordpress 0.71 Wordpress Wordpress 1.1.1 Wordpress Wordpress 3.1.1 Wordpress Wordpress 1.3

4.9

CVSSv2

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action....

Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.5 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.6 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.9 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.0 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.2 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.8 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.7 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.9.1 Wordpress Wordpress 2.8.2 Wordpress Wordpress Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.3 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.1 Wordpress Wordpress 3.0 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.7.1 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.3.1 Wordpress Wordpress 2.9.2 Wordpress Wordpress 2.8.51 Github repository available

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action....

Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.5 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.6 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.0 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.1 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.2 Wordpress Wordpress 2.1.3 Wordpress Wordpress 3.0 Wordpress Wordpress 2.8 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.7.1 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.9 Wordpress Wordpress 2.3.1 Wordpress Wordpress 2.9.2 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.9.1 Wordpress Wordpress 2.8.2 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.7 Wordpress Wordpress 2.6.1 Wordpress Wordpress Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.31 Github repository available

4.3

CVSSv2

wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2)...

Get Started

« PREV 1 2 3 4 5 6 7 8 9 10 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook