Shodan
Vulnerabilities
Vulnerable Software
Wordpress:  >> Wordpress  >> 3.6.1  Security Vulnerabilities
CVE-2012-1010
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
CVSS Score
7.5
EPSS Score
0.231
Published
2012-02-07
CVE-2012-1011
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
CVSS Score
7.5
EPSS Score
0.262
Published
2012-02-07
CVE-2012-0934
PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter.
CVSS Score
7.5
EPSS Score
0.014
Published
2012-01-29
CVE-2012-0898
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter.
CVSS Score
5.0
EPSS Score
0.002
Published
2012-01-20
CVE-2012-0895
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
CVSS Score
4.3
EPSS Score
0.072
Published
2012-01-20
CVE-2012-0896
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
CVSS Score
5.0
EPSS Score
0.099
Published
2012-01-20
CVE-2011-5051
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
CVSS Score
7.5
EPSS Score
0.038
Published
2012-01-04
CVE-2011-4803
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.008
Published
2011-12-14
CVE-2011-4673
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-12-02
CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
CVSS Score
7.5
EPSS Score
0.008
Published
2011-12-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved