WordPress Exposure
Blogs, CMS
Exposure score: 2045
Sites using it: 2,932,393
Under exploitation: 0
Critical: 174
CVEs
2380 results

CVE-2022-21661 | HIGH | SQL injection in WordPress | EPSS 97.8%
CVE-2023-23488 | CRITICAL | The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' para | EPSS 92.5%
CVE-2022-1707 | MEDIUM | Google Tag Manager for WordPress <= 1.15 - Reflected Cross-Site Scripting via Site Search | EPSS 88.6%
CVE-2023-28121 | — | An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on beha | EPSS 86.9%
CVE-2021-29447 | HIGH | WordPress Authenticated XXE attack when installation is running PHP 8 | EPSS 85.7%
CVE-2022-0441 | — | MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation | EPSS 85.3%
CVE-2021-24155 | — | Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload | EPSS 83.7%
CVE-2024-2876 | CRITICAL | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection | EPSS 80.6%
CVE-2021-42362 | HIGH | WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload | EPSS 79.8%
CVE-2023-2745 | MEDIUM | WordPress Core < 6.2.1 - Directory Traversal | EPSS 79.5%
CVE-2024-1512 | CRITICAL | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection | EPSS 77.7%
CVE-2025-11749 | CRITICAL | AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation | EPSS 75.3%
CVE-2024-4439 | HIGH | WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due t | EPSS 70.8%
CVE-2021-39316 | HIGH | ZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information Disclosure | EPSS 66.5%
CVE-2022-21662 | HIGH | Stored XSS in WordPress | EPSS 64.7%
CVE-2024-8522 | CRITICAL | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' | EPSS 61.4%
CVE-2023-23492 | HIGH | The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' param | EPSS 57.4%
CVE-2021-24307 | — | All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize | EPSS 52.6%
CVE-2023-6567 | CRITICAL | LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by | EPSS 51.4%
CVE-2020-6010 | — | LearnPress WordPress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection | EPSS 49.2%