wordpress wordpress 3.5.1 vulnerabilities and exploits
NA
CVE-2014-8605
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to a backup file in admin...
Xcloner Xcloner 3.5.1
Xcloner Xcloner 3.1.1
1 EDB exploit
NA
CVE-2014-8604
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Xcloner Xcloner 3.5.1
Xcloner Xcloner 3.1.1
1 EDB exploit
NA
CVE-2014-8606
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.
Xcloner Xcloner 3.5.1
Xcloner Xcloner 3.1.1
1 EDB exploit
8.8
CVSSv3
CVE-2015-5483
Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors...
Private Only Project Private Only 3.5.1
7.5
CVSSv3
CVE-2018-15818
An issue exists in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.
Reputeinfosystems Repute Arforms
5.4
CVSSv3
CVE-2018-20368
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.
Averta Master Slider 3.5.1
Averta Master Slider 3.2.7
NA
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate
Adrotateplugin Adrotate 0.1
Adrotateplugin Adrotate 0.2
Adrotateplugin Adrotate 0.3
Adrotateplugin Adrotate 0.4
Adrotateplugin Adrotate 0.5
Adrotateplugin Adrotate 0.6
Adrotateplugin Adrotate 0.7
Adrotateplugin Adrotate 0.7.1
Adrotateplugin Adrotate 0.8
Adrotateplugin Adrotate 1.0
Adrotateplugin Adrotate 2.0
Adrotateplugin Adrotate 2.0.1
Adrotateplugin Adrotate 2.1
Adrotateplugin Adrotate 2.2
Adrotateplugin Adrotate 2.3
Adrotateplugin Adrotate 2.3.1
Adrotateplugin Adrotate 2.4
Adrotateplugin Adrotate 2.4.1
Adrotateplugin Adrotate 2.4.2
Adrotateplugin Adrotate 2.4.3
Adrotateplugin Adrotate 2.4.4
2 EDB exploits
NA
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager 3.6.8
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.4.1
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 1.2.2
Kolja Schleich Leaguemanager 3.0.3
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 2.2
Kolja Schleich Leaguemanager 3.2
Kolja Schleich Leaguemanager 3.5.6
Kolja Schleich Leaguemanager 3.0.2
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 2.5.2
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 2.9.2
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.6.2
Kolja Schleich Leaguemanager 3.1.9
Kolja Schleich Leaguemanager 3.0.1
Kolja Schleich Leaguemanager 1.3
1 EDB exploit
1 Github repository
4.8
CVSSv3
CVE-2022-2118
The 404s WordPress plugin prior to 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Tooltulips 404s
NA
CVE-2010-4403
The Register Plus plugin 3.5.1 and previous versions for WordPress allows remote malicious users to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.
Devbits Register-plus
Devbits Register-plus 1.1
Devbits Register-plus 1.2
Devbits Register-plus 2.0
Devbits Register-plus 2.1
Devbits Register-plus 2.2
Devbits Register-plus 2.3
Devbits Register-plus 2.4
Devbits Register-plus 2.5
Devbits Register-plus 2.6
Devbits Register-plus 2.7
Devbits Register-plus 2.8
Devbits Register-plus 2.9
Devbits Register-plus 3.0
Devbits Register-plus 3.0.1
Devbits Register-plus 3.0.2
Devbits Register-plus 3.1
Devbits Register-plus 3.2
Devbits Register-plus 3.3
Devbits Register-plus 3.4
Devbits Register-plus 3.4.1
Devbits Register-plus 3.5