Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
8397 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4117 | 2 Anshul Sharma, Wordpress | 2 Category-grid-view-gallery, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | ||||
| CVE-2013-4954 | 2 Genetechsolutions, Wordpress | 2 Pie-register, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-5098 | 2 Mikejolley, Wordpress | 2 Download Monitor, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262. | ||||
| CVE-2013-5739 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php. | ||||
| CVE-2012-6527 | 2 Joedolson, Wordpress | 2 My Calendar, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2012-1010 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2012-6506 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. | ||||
| CVE-2012-6312 | 2 Video-lead-form, Wordpress | 2 Uk-cookie, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php. | ||||
| CVE-2012-5388 | 2 Videousermanuals, Wordpress | 2 White-label-cms, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. | ||||
| CVE-2013-3261 | 2 Photogallerycreator, Wordpress | 2 Flash-album-gallery, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action. | ||||
| CVE-2012-5350 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | ||||
| CVE-2012-5349 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter. | ||||
| CVE-2013-5917 | 2 Rodrigo Coimbra, Wordpress | 2 Nospam Pti, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. | ||||
| CVE-2012-5346 | 2 Bencemeszaros, Wordpress | 2 Wp-livephp, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-6499 | 2 Age Verification Project, Wordpress | 2 Age Verification, Wordpress | 2025-04-11 | N/A |
| Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. | ||||
| CVE-2012-5328 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php. | ||||
| CVE-2013-0736 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2012-5325 | 2 Cartpauj, Wordpress | 2 Shortcode-redirect, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag. | ||||
| CVE-2012-5310 | 2 Getshopped, Wordpress | 2 Wp E-commerce, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-5178 | 2 Welcart, Wordpress | 2 Welcart Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase. | ||||