Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 1.6 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-3703
Multiple SQL injection vulnerabilities in the WP-Forum plugin prior to 2.4 for WordPress allow remote malicious users to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an ...
Fahlstad Wp-forum
Fahlstad Wp-forum 1.5
Fahlstad Wp-forum 1.6
Fahlstad Wp-forum 1.7
Fahlstad Wp-forum 1.7.3
Fahlstad Wp-forum 1.7.4
Fahlstad Wp-forum 1.7.8
Fahlstad Wp-forum 1.8
Fahlstad Wp-forum 2.0
Fahlstad Wp-forum 2.1
1 EDB exploit
4.3
CVSSv2
CVE-2011-5207
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress prior to 1.1.6 prior to 2011-12-31 allows remote malicious users to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
Thecartpress Thecartpress
Thecartpress Thecartpress 1.0
Thecartpress Thecartpress 1.0.1
Thecartpress Thecartpress 1.0.2
Thecartpress Thecartpress 1.0.3
Thecartpress Thecartpress 1.0.4
Thecartpress Thecartpress 1.0.5
Thecartpress Thecartpress 1.0.6
Thecartpress Thecartpress 1.0.7
Thecartpress Thecartpress 1.0.8
Thecartpress Thecartpress 1.0.9
Thecartpress Thecartpress 1.1.0
Thecartpress Thecartpress 1.1.1
Thecartpress Thecartpress 1.1.2
Thecartpress Thecartpress 1.1.3
Thecartpress Thecartpress 1.1.4
Thecartpress Thecartpress 1.1.5
1 EDB exploit
7.5
CVSSv2
CVE-2012-6625
SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin prior to 1.7.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the groupid parameter in an editgroup action.
Vasthtml Forumpress 1.5.1
Vasthtml Forumpress 1.6.2
Vasthtml Forumpress 1.6.9
Vasthtml Forumpress 1.3
Vasthtml Forumpress 1.6.8
Vasthtml Forumpress 1.7.1
Vasthtml Forumpress 1.6.5
Vasthtml Forumpress 1.0
Vasthtml Forumpress 1.6.3
Vasthtml Forumpress 1.7
Vasthtml Forumpress 1.5
Vasthtml Forumpress 1.4
Vasthtml Forumpress 1.5.2
Vasthtml Forumpress 1.6.6
Vasthtml Forumpress 1.2
Vasthtml Forumpress 1.1
Vasthtml Forumpress 1.6.7
Vasthtml Forumpress 1.7.3
Vasthtml Forumpress 1.6
Vasthtml Forumpress 1.7.2
Vasthtml Forumpress
Vasthtml Forumpress 1.6.4
1 EDB exploit
3.5
CVSSv2
CVE-2018-10309
The Responsive Cookie Consent plugin prior to 1.8 for WordPress mishandles number fields, leading to XSS.
Responsive Cookie Consent Project Responsive Cookie Consent
1 EDB exploit
6.8
CVSSv2
CVE-2013-4240
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin prior to 2.0.11 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2)...
Hitmyserver Hms Testimonials 1.1
Hitmyserver Hms Testimonials 1.2
Hitmyserver Hms Testimonials 1.3
Hitmyserver Hms Testimonials 1.4
Hitmyserver Hms Testimonials 1.4.1
Hitmyserver Hms Testimonials 1.5
Hitmyserver Hms Testimonials 1.6
Hitmyserver Hms Testimonials 1.6.1
Hitmyserver Hms Testimonials 1.6.2
Hitmyserver Hms Testimonials 1.7
Hitmyserver Hms Testimonials 1.7.1
Hitmyserver Hms Testimonials 2.0
Hitmyserver Hms Testimonials 2.0.1
Hitmyserver Hms Testimonials 2.0.2
Hitmyserver Hms Testimonials 2.0.3
Hitmyserver Hms Testimonials 2.0.4
Hitmyserver Hms Testimonials 2.0.5
Hitmyserver Hms Testimonials 2.0.6
Hitmyserver Hms Testimonials 2.0.7
Hitmyserver Hms Testimonials 2.0.8
Hitmyserver Hms Testimonials 2.0.9
Hitmyserver Hms Testimonials
1 EDB exploit
NA
CVE-2023-1404
The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions ...
Weavertheme Weaver Show Posts
NA
CVE-2023-1403
The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to ...
Weavertheme Weaver Xtreme Theme
4.3
CVSSv2
CVE-2011-3860
Cross-site scripting (XSS) vulnerability in the Cover WP theme prior to 1.6.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Onedesigns Cover Wp
Onedesigns Cover Wp 1.1
Onedesigns Cover Wp 1.2
Onedesigns Cover Wp 1.3
Onedesigns Cover Wp 1.4
Onedesigns Cover Wp 1.4.1
Onedesigns Cover Wp 1.5
Onedesigns Cover Wp 1.5.1
Onedesigns Cover Wp 1.5.2
Onedesigns Cover Wp 1.5.3
Onedesigns Cover Wp 1.5.4
Onedesigns Cover Wp 1.5.5
Onedesigns Cover Wp 1.5.6
Onedesigns Cover Wp 1.5.7
Onedesigns Cover Wp 1.5.8
Onedesigns Cover Wp 1.5.9
Onedesigns Cover Wp 1.6
Onedesigns Cover Wp 1.6.1
Onedesigns Cover Wp 1.6.2
Onedesigns Cover Wp 1.6.3
Onedesigns Cover Wp 1.6.4
1 EDB exploit
4.3
CVSSv2
CVE-2012-2572
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin prior to 1.16 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the Subject of an email.
Mindreantre Threewp Email Reflector 1.1
Mindreantre Threewp Email Reflector 1.12
Mindreantre Threewp Email Reflector 1.6
Mindreantre Threewp Email Reflector 1.2
Mindreantre Threewp Email Reflector
Mindreantre Threewp Email Reflector 1.8
Mindreantre Threewp Email Reflector 1.9
Mindreantre Threewp Email Reflector 1.7
Mindreantre Threewp Email Reflector 1.3
Mindreantre Threewp Email Reflector 1.5
Mindreantre Threewp Email Reflector 1.0
Mindreantre Threewp Email Reflector 1.13
Mindreantre Threewp Email Reflector 1.14
Mindreantre Threewp Email Reflector 1.4
Mindreantre Threewp Email Reflector 1.11
Mindreantre Threewp Email Reflector 1.10
1 EDB exploit
4.3
CVSSv2
CVE-2011-3863
Cross-site scripting (XSS) vulnerability in the RedLine theme prior to 1.66 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
Post-scriptum Redline
Post-scriptum Redline 0.2.1
Post-scriptum Redline 0.2.2
Post-scriptum Redline 0.2.3
Post-scriptum Redline 0.2.5
Post-scriptum Redline 0.2.6
Post-scriptum Redline 0.2.7
Post-scriptum Redline 0.2.7.1
Post-scriptum Redline 0.2.9
Post-scriptum Redline 0.3
Post-scriptum Redline 0.5
Post-scriptum Redline 0.5.5
Post-scriptum Redline 0.7
Post-scriptum Redline 0.7.1
Post-scriptum Redline 0.7.5
Post-scriptum Redline 0.8
Post-scriptum Redline 0.85
Post-scriptum Redline 0.90
Post-scriptum Redline 1.0
Post-scriptum Redline 1.0.1
Post-scriptum Redline 1.0.3
Post-scriptum Redline 1.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »