- Unauthenticated Stored Cross-Site Scripting (XSS)
  https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
- Same-Origin Method Execution [WordPress 3.9 - 4.1.1]
  https://wpvulndb.com/vulnerabilities/7933
- Authenticated Stored Cross-Site Scripting (XSS)
  https://wpvulndb.com/vulnerabilities/8111
- Legacy Theme Preview Cross-Site Scripting (XSS)
  https://wpvulndb.com/vulnerabilities/8133
- Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  https://wpvulndb.com/vulnerabilities/8186
- Publish Post & Mark as Sticky Permission Issue
  https://wpvulndb.com/vulnerabilities/8188
- Local URIs Server Side Request Forgery (SSRF)
  https://wpvulndb.com/vulnerabilities/8376
- Stored Cross-Site Scripting (XSS) via Theme Name fallback
  https://wpvulndb.com/vulnerabilities/8718
- Authenticated Cross-Site Scripting (XSS) via Media File Metadata
  https://wpvulndb.com/vulnerabilities/8765
- Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
  https://wpvulndb.com/vulnerabilities/8768
- Host Header Injection in Password Reset
  https://wpvulndb.com/vulnerabilities/8807
- Filesystem Credentials Dialog CSRF
  https://wpvulndb.com/vulnerabilities/8818
- Large File Upload Error XSS
  https://wpvulndb.com/vulnerabilities/8819
- Unauthenticated Stored Cross-Site Scripting (XSS)
  https://wpvulndb.com/vulnerabilities/7945
- Press This CSRF DoS
  https://wpvulndb.com/vulnerabilities/8770
- Unauthenticated Remote Code Execution (RCE) PoC Exploit (default configuration, no plugins, no auth)
  https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
- Audio playlist cross site scripting
  https://packetstormsecurity.com/files/141491
- XSS in media upload when file too large
  https://hackerone.com/reports/203515
- Multiple SQL injection vulnerabilities in WordPress Video Player
  https://wpvulndb.com/vulnerabilities/8562
- Insert Html Snippet <= 1.2 - cross-site request forgery
  https://wpvulndb.com/vulnerabilities/8682