ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Total
9669 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0541 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. | ||||
| CVE-2008-0206 | 1 Wordpress | 1 Captcha | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter. | ||||
| CVE-2007-4483 | 1 Wordpress | 1 Wordpressclassic | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2007-3241 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. | ||||
| CVE-2009-2852 | 2 Ryan.mcgeary, Wordpress | 2 Wp-syntax, Wordpress | 2025-04-09 | N/A |
| WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. | ||||
| CVE-2008-4769 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4169 | 2 Roytanck, Wordpress | 2 Wp-cumulus, Wordpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2336 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2025-04-09 | N/A |
| The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience." | ||||
| CVE-2007-0539 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint. | ||||
| CVE-2008-1304 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php. | ||||
| CVE-2007-1049 | 2 Gentoo, Wordpress | 2 Linux, Wordpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | ||||
| CVE-2008-4732 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2025-04-09 | N/A |
| SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||
| CVE-2007-4894 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." | ||||
| CVE-2008-0194 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. | ||||
| CVE-2008-0939 | 1 Wordpress | 1 Photo Album Plugin | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1897 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | ||||
| CVE-2007-4480 | 1 Wordpress | 1 Sirius | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2008-6811 | 2 Instinct, Wordpress | 2 E-commerce Plugin, Wordpress | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/. | ||||
| CVE-2008-0507 | 1 Wordpress | 1 Adserve | 2025-04-09 | N/A |
| SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-4733 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters. | ||||