wordpress vulnerabilities and exploits

(subscribe to this query)

NA

The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site....

Wordpress Wordpress 3.4.0 Wordpress Wordpress 3.3 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.0.1 Wordpress Wordpress 3.3.2 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.2 Wordpress Wordpress 2.6 Wordpress Wordpress 2.3.1 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.9 Wordpress Wordpress 2.9.1 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 2.8.1 Wordpress Wordpress 1.6.2 Wordpress Wordpress 1.5.2 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.2.5 Wordpress Wordpress 1.3.2 Wordpress Wordpress 0.71 Wordpress Wordpress 3.3.1 Wordpress Wordpress 3.3.3 Wordpress Wordpress 2.3 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.8 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.9.2 Wordpress Wordpress 2.7 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 1.2 Wordpress Wordpress 1.0 Wordpress Wordpress 1.3.3 Wordpress Wordpress 1.3 Wordpress Wordpress 2.1 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.7.1 Wordpress Wordpress 2.8.2 Wordpress Wordpress 1.5.1.1 Wordpress Wordpress 1.2.2 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.2.4 Wordpress Wordpress 1.1.1 Wordpress Wordpress 3.4.2 Wordpress Wordpress 3.4.1 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.0 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.5 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 1.5 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.2.1 Wordpress Wordpress 1.2.3 Wordpress Wordpress 3.5.0 Wordpress Wordpress1 Github repository available

NA

** DISPUTED ** The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on...

Wordpress Wordpress 3.0.3 Wordpress Wordpress 3.0.1 Wordpress Wordpress 3.1.4 Wordpress Wordpress 3.2 Wordpress Wordpress 2.3.1 Wordpress Wordpress 2.7 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.9.2 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.0 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.1 Wordpress Wordpress 2.6 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.5 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.2.1 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 1.5.2 Wordpress Wordpress 1.3.2 Wordpress Wordpress 3.1.1 Wordpress Wordpress 3.1 Wordpress Wordpress 3.0 Wordpress Wordpress 3.2.1 Wordpress Wordpress 2.8 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.3 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.2 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.6.1 Wordpress Wordpress 1.5.1.1 Wordpress Wordpress 1.5 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.1.1 Wordpress Wordpress 1.3.3 Wordpress Wordpress 1.3 Wordpress Wordpress Wordpress Wordpress 3.3 Wordpress Wordpress 3.0.2 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.9 Wordpress Wordpress 2.9.1 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 1.2.2 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.2.5 Wordpress Wordpress 3.1.3 Wordpress Wordpress 3.1.2 Wordpress Wordpress 3.0.5 Wordpress Wordpress 3.0.4 Wordpress Wordpress 3.0.6 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.8.2 Wordpress Wordpress 2.7.1 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 1.2 Wordpress Wordpress 1.0 Wordpress Wordpress 1.2.3 Wordpress Wordpress 1.2.41 EDB exploit available

NA

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post....

Wordpress Wordpress Wordpress Wordpress 3.4.2 Wordpress Wordpress 3.4.1 Wordpress Wordpress 3.4.0 Wordpress Wordpress 2.2 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.1 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.8.2 Wordpress Wordpress 1.2.5 Wordpress Wordpress 1.2.3 Wordpress Wordpress 1.2.4 Wordpress Wordpress 3.3.1 Wordpress Wordpress 3.3.2 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.9.2 Wordpress Wordpress 2.9 Wordpress Wordpress 2.7.1 Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.3.1 Wordpress Wordpress 2.0 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.9.1 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.5 Wordpress Wordpress 2.8.3 Wordpress Wordpress 1.5.2 Wordpress Wordpress 1.5 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.2.1 Wordpress Wordpress 1.2.2 Wordpress Wordpress 0.71 Wordpress Wordpress 1.6.2 Wordpress Wordpress 1.2 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.1.1 Wordpress Wordpress 1.3 Wordpress Wordpress 3.3 Wordpress Wordpress 3.3.3 Wordpress Wordpress 2.3 Wordpress Wordpress 2.8 Wordpress Wordpress 2.6 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.7 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 1.5.1.1 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.0 Wordpress Wordpress 1.3.3 Wordpress Wordpress 1.3.2

NA

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie....

Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 1.0 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.2 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.51 EDB exploit available1 Metasploit module available

NA

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects....

Wordpress Wordpress 3.1.2 Wordpress Wordpress 3.2 Wordpress Wordpress 3.1 Wordpress Wordpress 3.1.1

NA

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames....

Wordpress Wordpress 3.1 Wordpress Wordpress 3.1.1 Wordpress Wordpress 3.1.2 Wordpress Wordpress 3.2

NA

** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters,...

Wordpress Wordpress 3.2.1 Wordpress Wordpress 3.1.4 Wordpress Wordpress 3.1.3 Wordpress Wordpress 3.1.2 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.8.2 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.3.1 Wordpress Wordpress 2.3 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.0.3 Wordpress Wordpress 2.0.2 Wordpress Wordpress 0.72 Wordpress Wordpress 0.711 Wordpress Wordpress 0.71 Wordpress Wordpress 0.7 Wordpress Wordpress 3.0.4 Wordpress Wordpress 3.0.3 Wordpress Wordpress 3.0.2 Wordpress Wordpress 3.0.1 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.1 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.0.10 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.5 Wordpress Wordpress 1.2.2 Wordpress Wordpress 1.2.1 Wordpress Wordpress 3.3 Wordpress Wordpress 3.1.1 Wordpress Wordpress 3.0.6 Wordpress Wordpress 2.9.2 Wordpress Wordpress 2.9 Wordpress Wordpress 2.8 Wordpress Wordpress 2.7 Wordpress Wordpress 2.6 Wordpress Wordpress 2.5 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.1 Wordpress Wordpress 1.5.2 Wordpress Wordpress 1.2 Wordpress Wordpress 1.0.1 Wordpress Wordpress Wordpress Wordpress 3.1 Wordpress Wordpress 3.0.5 Wordpress Wordpress 3.0 Wordpress Wordpress 2.9.1 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.7.1 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.2 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.0 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.01 EDB exploit available

NA

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter....

Wordpress Wordpress 3.0.3 Wordpress Wordpress 3.0.2 Wordpress Wordpress 3.0.1 Wordpress Wordpress 3.0 Wordpress Wordpress 2.9.2 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.6 Wordpress Wordpress 2.1 Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.0.9 Wordpress Wordpress 1.5 Wordpress Wordpress 1.2.2 Wordpress Wordpress 1.2.1 Wordpress Wordpress 1.2 Wordpress Wordpress 3.1.4 Wordpress Wordpress 3.1.3 Wordpress Wordpress 3.1.2 Wordpress Wordpress 3.1.1 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.8.2 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.3 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.0.3 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.0.1 Wordpress Wordpress 0.711 Wordpress Wordpress 0.71 Wordpress Wordpress 0.7 Wordpress Wordpress Wordpress Wordpress 3.2.1 Wordpress Wordpress 3.1 Wordpress Wordpress 3.0.5 Wordpress Wordpress 2.9.1 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.7.1 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.3.1 Wordpress Wordpress 2.2 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.0 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.0 Wordpress Wordpress 3.3 Wordpress Wordpress 3.0.6 Wordpress Wordpress 3.0.4 Wordpress Wordpress 2.9 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.8 Wordpress Wordpress 2.7 Wordpress Wordpress 2.5 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.0.6 Wordpress Wordpress 1.5.2 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 1.0.1 Wordpress Wordpress 0.721 EDB exploit available

NA

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a...

Wordpress Wordpress 2.8 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.0 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.8.1 Wordpress Wordpress 3.1 Wordpress Wordpress 2.8.4 Wordpress Wordpress 3.0 Wordpress Wordpress 1.5 Wordpress Wordpress 1.2 Wordpress Wordpress 2.9.1 Wordpress Wordpress 1.0 Wordpress Wordpress 1.2.3 Wordpress Wordpress 1.2.4 Wordpress Wordpress 3.0.4 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.0.8 Wordpress Wordpress 1.5.1.3 Wordpress Wordpress 1.5.2 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.0.5 Wordpress Wordpress 3.0.3 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.6.3 Wordpress Wordpress 3.0.1 Wordpress Wordpress 3.0.2 Wordpress Wordpress 1.0.2 Wordpress Wordpress 2.9 Wordpress Wordpress 2.5 Wordpress Wordpress 1.2.5 Wordpress Wordpress 3.1.2 Wordpress Wordpress Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.2 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.0.1 Wordpress Wordpress 3.3 Wordpress Wordpress 2.1 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.8.2 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.3 Wordpress Wordpress 3.0.6 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.9.2 Wordpress Wordpress 1.5.1 Wordpress Wordpress 1.0.1 Wordpress Wordpress 2.6.5 Wordpress Wordpress 3.1.3 Wordpress Wordpress 1.1.1 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 1.3.3 Wordpress Wordpress 2.9.1.1 Wordpress Wordpress 1.3.2 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.2.3 Wordpress Wordpress 1.5.1.1 Wordpress Wordpress 2.3.1 Wordpress Wordpress 1.5.1.2 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.7 Wordpress Wordpress 2.3.3 Wordpress Wordpress 3.0.5 Wordpress Wordpress 2.6 Wordpress Wordpress 2.2.2 Wordpress Wordpress 1.2.1 Wordpress Wordpress 1.2.2 Wordpress Wordpress 0.71 Wordpress Wordpress 3.1.1 Wordpress Wordpress 2.7.1 Wordpress Wordpress 1.31 Github repository available

NA

wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match....

Wordpress Wordpress 2.0.11 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.3.1 Wordpress Wordpress 2.3.2 Wordpress Wordpress 2.3.3 Wordpress Wordpress 2.5 Wordpress Wordpress 2.8.4 Wordpress Wordpress 2.8.5 Wordpress Wordpress 2.8.5.1 Wordpress Wordpress 2.8.5.2 Wordpress Wordpress 2.0 Wordpress Wordpress 2.0.10 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.8 Wordpress Wordpress 2.1 Wordpress Wordpress 2.2.1 Wordpress Wordpress 2.2.3 Wordpress Wordpress 2.6 Wordpress Wordpress 2.6.2 Wordpress Wordpress 2.8 Wordpress Wordpress 2.8.2 Wordpress Wordpress 2.8.6 Wordpress Wordpress 2.9.1 Wordpress Wordpress 2.1.1 Wordpress Wordpress 2.1.2 Wordpress Wordpress 2.1.3 Wordpress Wordpress 2.2 Wordpress Wordpress 2.6.3 Wordpress Wordpress 2.6.5 Wordpress Wordpress 2.7 Wordpress Wordpress 2.7.1 Wordpress Wordpress 2.9.2 Wordpress Wordpress Wordpress Wordpress 3.0 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.0.9 Wordpress Wordpress 2.2.2 Wordpress Wordpress 2.3 Wordpress Wordpress 2.5.1 Wordpress Wordpress 2.6.1 Wordpress Wordpress 2.8.1 Wordpress Wordpress 2.8.3 Wordpress Wordpress 2.9 Wordpress Wordpress 2.9.1.11 Github repository available

Get Started

« PREV 1 2 3 4 5 6 7 8 9 10 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook