WordPress 4.0.x < 4.0.37 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS via wp-mail.php post by email. - An open redirect in wpnonceays. - Sender's email address is exposed in wp-mail.php. - A Cross-Site...

WordPress 4.0.x < 4.0.36 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A SQL injection vulnerability within the Link API. - A Cross-Site Scripting XSS vulnerability on the Plugins screen. - An output escaping issue within themeta. Note that t...

CVE-2015-3439

Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...