Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
8957 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1047 | 2 Vasthtml, Wordpress | 2 Forum Server, Wordpress | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php. | ||||
| CVE-2012-6313 | 2 Simple Gmail Login, Wordpress | 3 1.1.2, 1.1.3, Wordpress | 2025-04-11 | N/A |
| simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. | ||||
| CVE-2013-4117 | 2 Anshul Sharma, Wordpress | 2 Category-grid-view-gallery, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | ||||
| CVE-2011-3122 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." | ||||
| CVE-2012-4327 | 2 Wordpress, Wpslideshow | 2 Wordpress, Image News Slider | 2025-04-11 | N/A |
| Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified impact and remote attack vectors. | ||||
| CVE-2013-4954 | 2 Genetechsolutions, Wordpress | 2 Pie-register, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-5098 | 2 Mikejolley, Wordpress | 2 Download Monitor, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262. | ||||
| CVE-2013-5739 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php. | ||||
| CVE-2013-5917 | 2 Rodrigo Coimbra, Wordpress | 2 Nospam Pti, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. | ||||
| CVE-2013-6993 | 2 Ad-minister Project, Wordpress | 2 Ad-minister, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. | ||||
| CVE-2013-7240 | 2 Westerndeal, Wordpress | 2 Advanced Dewplayer, Wordpress | 2025-04-11 | N/A |
| Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. | ||||
| CVE-2013-7276 | 2 Recommend To A Friend Project, Wordpress | 2 Recommend To A Friend, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter. | ||||
| CVE-2013-7279 | 2 Anthony Mills, Wordpress | 2 S3 Video, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. | ||||
| CVE-2012-6499 | 2 Age Verification Project, Wordpress | 2 Age Verification, Wordpress | 2025-04-11 | N/A |
| Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. | ||||
| CVE-2014-1232 | 2 Foliovision, Wordpress | 2 Foliopress Wysiwyg, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5856 | 2 Uk-cookie Project, Wordpress | 2 Uk-cookie, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4748 | 2 Andrew Charlton, Wordpress | 2 My Category Order, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php. | ||||
| CVE-2013-6010 | 2 Wearegumball, Wordpress | 2 Comment-attachment, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." | ||||
| CVE-2013-5672 | 2 Indianic, Wordpress | 2 Testimonial Plugin, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php. | ||||
| CVE-2010-0673 | 2 Copperleaf, Wordpress | 2 Photolog, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | ||||