ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
13258 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-5107 | 1 Wordpress | 2 Alert Before You Post, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2012-4264 | 2 Bit51, Wordpress | 2 Better-wp-security, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263. | ||||
| CVE-2012-6506 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. | ||||
| CVE-2012-5318 | 2 Kishore Asokan, Wordpress | 2 Kish Guest Posting Plugin, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125. | ||||
| CVE-2011-3122 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." | ||||
| CVE-2009-4672 | 2 Grupenet, Wordpress | 2 Wp-lytebox, Wordpress | 2025-04-11 | N/A |
| Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter. | ||||
| CVE-2011-4926 | 2 Bueltge, Wordpress | 2 Adminimize, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2012-6313 | 2 Simple Gmail Login, Wordpress | 3 1.1.2, 1.1.3, Wordpress | 2025-04-11 | N/A |
| simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. | ||||
| CVE-2011-3128 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php. | ||||
| CVE-2010-4630 | 2 Fubra, Wordpress | 2 Wp-survey-and-quiz-tool, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2012-2399 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414. | ||||
| CVE-2013-3491 | 2 Mdolon, Wordpress | 2 Sharebar, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. | ||||
| CVE-2011-3127 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | ||||
| CVE-2010-0682 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. | ||||
| CVE-2012-2912 | 2 Kolja Schleich, Wordpress | 2 Leaguemanager, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php. | ||||
| CVE-2011-3858 | 2 Wordpress, Zespia | 2 Wordpress, Pixiv Custom | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2010-4779 | 2 Bravenewcode, Wordpress | 2 Wptouch, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-0673 | 2 Copperleaf, Wordpress | 2 Photolog, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | ||||
| CVE-2010-5296 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action. | ||||
| CVE-2010-5297 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change. | ||||