Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
578 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3384 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-3385 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. | ||||
| CVE-2012-3414 | 3 Swfupload Project, Tinymce, Wordpress | 3 Swfupload, Image Manager, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function. | ||||
| CVE-2012-3434 | 2 Tom Braider, Wordpress | 2 Count Per Day, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter. | ||||
| CVE-2012-3575 | 2 Rbx Gallery, Wordpress | 2 Rbx Gallery, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. | ||||
| CVE-2012-3576 | 2 Jquindlen, Wordpress | 2 Wpstorecart, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. | ||||
| CVE-2012-3588 | 1 Wordpress | 2 Plugin Newsletter Plugin, Wordpress | 2025-04-11 | N/A |
| Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter. | ||||
| CVE-2012-3814 | 2 Pippin Williamson, Wordpress | 2 Font Uploader, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts. | ||||
| CVE-2012-4033 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. | ||||
| CVE-2012-4242 | 2 Mf Gig Calendar Project, Wordpress | 2 Mf Gig Calendar, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. | ||||
| CVE-2012-4268 | 2 Ait-pro, Wordpress | 2 Bulletproof-security, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header. | ||||
| CVE-2012-4273 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. | ||||
| CVE-2012-4332 | 2 Barandisolutions, Wordpress | 2 Shareyourcart, Wordpress | 2025-04-11 | N/A |
| The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK. | ||||
| CVE-2011-3860 | 2 Onedesigns, Wordpress | 2 Cover Wp, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2012-4421 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature. | ||||
| CVE-2012-4422 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role. | ||||
| CVE-2012-4448 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action. | ||||
| CVE-2012-4874 | 2 Awpcp, Wordpress | 2 Another Wordpress Classifieds Plugin, Wordpress | 2025-04-11 | N/A |
| Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads." | ||||
| CVE-2012-5177 | 2 Welcart, Wordpress | 2 Welcart Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5178 | 2 Welcart, Wordpress | 2 Welcart Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase. | ||||