Filtered by vendor Wordpress
Subscriptions
Total
6177 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5738 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file. | ||||
| CVE-2011-3128 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php. | ||||
| CVE-2012-4242 | 2 Mf Gig Calendar Project, Wordpress | 2 Mf Gig Calendar, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. | ||||
| CVE-2013-5918 | 2 Platinum Seo Project, Wordpress | 2 Platinum Seo Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2011-3125 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." | ||||
| CVE-2013-7233 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. | ||||
| CVE-2011-1047 | 2 Vasthtml, Wordpress | 2 Forum Server, Wordpress | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php. | ||||
| CVE-2010-5297 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change. | ||||
| CVE-2010-4779 | 2 Bravenewcode, Wordpress | 2 Wptouch, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-4630 | 2 Fubra, Wordpress | 2 Wp-survey-and-quiz-tool, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2010-4518 | 2 Wobeo, Wordpress | 2 Wp-safe-search, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter. | ||||
| CVE-2011-4956 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6992 | 2 Askapache, Wordpress | 2 Firefox Adsense, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php. | ||||
| CVE-2013-2203 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message. | ||||
| CVE-2011-4899 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments | ||||
| CVE-2012-6633 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. | ||||
| CVE-2012-4272 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest". | ||||
| CVE-2012-3384 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-4271 | 2 Mark Jaquith, Wordpress | 2 Bad Behavior, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter. | ||||
| CVE-2011-5182 | 1 Wordpress | 2 Lanoba Social Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf. | ||||