cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-40700,https://securityvulnerability.io/vulnerability/CVE-2022-40700,Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins,"A Server-Side Request Forgery (SSRF) vulnerability exists in multiple WordPress and WooCommerce plugins, enabling attackers to send unauthorized requests from the server to internal or external services. This could be exploited to access sensitive information or services that are otherwise protected. The vulnerability impacts various popular plugins, causing potential risks if left unaddressed. Users of affected plugins are urged to update to the latest versions and follow security best practices to mitigate these vulnerabilities.",Wordpress,"Montonio For WooCommerce,WPopal Core Features,Arcstone,Woovirtualwallet – A Virtual Wallet For WooCommerce,Woovip – Membership Plugin For WordPress And WooCommerce,Woosupply – Suppliers, Supply Orders And Stock Management,Theme Minifier,Styles,WordPress Page Builder – Qards,PHPfreechat,Custom Login Admin Front-end Css,Css Adder By Agence-press,Confirm Data,Amp Toolbox,Admin Css Mu",8.2,HIGH,0.3032900094985962,false,,false,false,false,,false,false,2024-01-19T14:30:11.427Z,0
CVE-2009-2432,https://securityvulnerability.io/vulnerability/CVE-2009-2432,,"WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.",Wordpress,"WordPress,WordPress Mu",,,0.005799999926239252,false,,false,false,false,,false,false,2009-07-10T20:25:00.000Z,0
CVE-2009-2335,https://securityvulnerability.io/vulnerability/CVE-2009-2335,,"WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for ""user convenience.""",Wordpress,"WordPress,WordPress Mu",,,0.9581900238990784,false,,false,false,false,,false,false,2009-07-10T20:25:00.000Z,0
CVE-2009-2334,https://securityvulnerability.io/vulnerability/CVE-2009-2334,,"wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.",Wordpress,"WordPress,WordPress Mu",,,0.08698999881744385,false,,false,false,false,,false,false,2009-07-10T20:25:00.000Z,0
CVE-2009-2336,https://securityvulnerability.io/vulnerability/CVE-2009-2336,,"The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for ""user convenience.""",Wordpress,"WordPress,WordPress Mu",,,0.013570000417530537,false,,false,false,false,,false,false,2009-07-10T20:25:00.000Z,0
CVE-2009-1030,https://securityvulnerability.io/vulnerability/CVE-2009-1030,,Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.,Wordpress,WordPress Mu,,,0.004350000061094761,false,,false,false,false,,false,false,2009-03-20T00:00:00.000Z,0
CVE-2008-5695,https://securityvulnerability.io/vulnerability/CVE-2008-5695,,"wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.",Wordpress,"WordPress,WordPress Mu",,,0.18874000012874603,false,,false,false,false,,false,false,2008-12-19T18:00:00.000Z,0
CVE-2008-4671,https://securityvulnerability.io/vulnerability/CVE-2008-4671,,Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.,Wordpress,WordPress Mu,,,0.0024399999529123306,false,,false,false,false,,false,false,2008-10-22T10:00:00.000Z,0
CVE-2007-4544,https://securityvulnerability.io/vulnerability/CVE-2007-4544,,Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).,Wordpress,WordPress Mu,,,0.0015699999639764428,false,,false,false,false,,false,false,2007-08-27T23:17:00.000Z,0
CVE-2007-3543,https://securityvulnerability.io/vulnerability/CVE-2007-3543,,"Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.",Wordpress,"WordPress,WordPress Mu",,,0.0041600000113248825,false,,false,false,false,,false,false,2007-07-03T20:00:00.000Z,0
CVE-2007-3544,https://securityvulnerability.io/vulnerability/CVE-2007-3544,,"Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.",Wordpress,"WordPress,WordPress Mu",,,0.002099999925121665,false,,false,false,false,,false,false,2007-07-03T20:00:00.000Z,0