Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.5 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2018-1002004
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
4.8
CVSSv3
CVE-2018-1002005
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
Kibokolabs Arigato Autoresponder And Newsletter
1 EDB exploit
4.8
CVSSv3
CVE-2018-1002008
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
NA
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Adrotateplugin Adrotate
Adrotateplugin Adrotate 0.1
Adrotateplugin Adrotate 0.2
Adrotateplugin Adrotate 0.3
Adrotateplugin Adrotate 0.4
Adrotateplugin Adrotate 0.5
Adrotateplugin Adrotate 0.6
Adrotateplugin Adrotate 0.7
Adrotateplugin Adrotate 0.7.1
Adrotateplugin Adrotate 0.8
Adrotateplugin Adrotate 1.0
Adrotateplugin Adrotate 2.0
Adrotateplugin Adrotate 2.0.1
Adrotateplugin Adrotate 2.1
Adrotateplugin Adrotate 2.2
Adrotateplugin Adrotate 2.3
Adrotateplugin Adrotate 2.3.1
Adrotateplugin Adrotate 2.4
Adrotateplugin Adrotate 2.4.1
Adrotateplugin Adrotate 2.4.2
Adrotateplugin Adrotate 2.4.3
Adrotateplugin Adrotate 2.4.4
2 EDB exploits
7.5
CVSSv3
CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin prior to 2.6 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
Wpshopstyling Wp E-commerce Shop Styling
1 EDB exploit
NA
CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin prior to 2.5.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Davistribe Google Doc Embedder
Davistribe Google Doc Embedder 2.0
Davistribe Google Doc Embedder 2.1
Davistribe Google Doc Embedder 2.2
Davistribe Google Doc Embedder 2.2.1
Davistribe Google Doc Embedder 2.2.2
Davistribe Google Doc Embedder 2.2.3
Davistribe Google Doc Embedder 2.3
Davistribe Google Doc Embedder 2.4
Davistribe Google Doc Embedder 2.4.1
Davistribe Google Doc Embedder 2.4.2
Davistribe Google Doc Embedder 2.4.3
Davistribe Google Doc Embedder 2.4.4
Davistribe Google Doc Embedder 2.4.5
Davistribe Google Doc Embedder 2.4.6
Davistribe Google Doc Embedder 2.5
Davistribe Google Doc Embedder 2.5.1
Davistribe Google Doc Embedder 2.5.2
1 EDB exploit
1 Github repository
NA
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager 3.6.8
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.4.1
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 1.2.2
Kolja Schleich Leaguemanager 3.0.3
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 2.2
Kolja Schleich Leaguemanager 3.2
Kolja Schleich Leaguemanager 3.5.6
Kolja Schleich Leaguemanager 3.0.2
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 2.5.2
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 2.9.2
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.6.2
Kolja Schleich Leaguemanager 3.1.9
Kolja Schleich Leaguemanager 3.0.1
Kolja Schleich Leaguemanager 1.3
1 EDB exploit
1 Github repository
NA
CVE-2013-5711
Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin prior to 3.7 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the step parameter.
Slickremix Design Approval System Plugin 2.0
Slickremix Design Approval System Plugin 2.4
Slickremix Design Approval System Plugin 1.9
Slickremix Design Approval System Plugin 2.1
Slickremix Design Approval System Plugin 1.1
Slickremix Design Approval System Plugin 2.5
Slickremix Design Approval System Plugin 2.2
Slickremix Design Approval System Plugin 2.3
Slickremix Design Approval System Plugin 2.8
Slickremix Design Approval System Plugin 1.6
Slickremix Design Approval System Plugin 3.2
Slickremix Design Approval System Plugin 3.0
Slickremix Design Approval System Plugin 3.3
Slickremix Design Approval System Plugin 1.8
Slickremix Design Approval System Plugin 1.7
Slickremix Design Approval System Plugin 1.2
Slickremix Design Approval System Plugin 2.6
Slickremix Design Approval System Plugin 3.5
Slickremix Design Approval System Plugin 1.4
Slickremix Design Approval System Plugin 3.1
Slickremix Design Approval System Plugin 1.0
Slickremix Design Approval System Plugin 3.4
NA
CVE-2014-7956
Cross-site scripting (XSS) vulnerability in the Pods plugin prior to 2.5 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.
Podsfoundation Pods
NA
CVE-2014-4717
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin prior to 4.5 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba...
Sharethis Simple Share Buttons Adder 2.2
Sharethis Simple Share Buttons Adder 2.0
Sharethis Simple Share Buttons Adder 1.0
Sharethis Simple Share Buttons Adder 3.2
Sharethis Simple Share Buttons Adder 3.9
Sharethis Simple Share Buttons Adder 3.8
Sharethis Simple Share Buttons Adder 1.5
Sharethis Simple Share Buttons Adder 2.3
Sharethis Simple Share Buttons Adder 1.1
Sharethis Simple Share Buttons Adder 3.0
Sharethis Simple Share Buttons Adder 2.4
Sharethis Simple Share Buttons Adder 3.5
Sharethis Simple Share Buttons Adder 2.8
Sharethis Simple Share Buttons Adder 4.2
Sharethis Simple Share Buttons Adder 4.0
Sharethis Simple Share Buttons Adder 4.1
Sharethis Simple Share Buttons Adder 1.9
Sharethis Simple Share Buttons Adder 2.9
Sharethis Simple Share Buttons Adder 3.4
Sharethis Simple Share Buttons Adder 3.1
Sharethis Simple Share Buttons Adder 1.6
Sharethis Simple Share Buttons Adder 2.6
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »