Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wordpress Subscribe
Filtered by product Wordpress
Total 581 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3122 1 Wordpress 1 Wordpress 2017-08-28 10.0 HIGH N/A
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."
CVE-2011-3125 1 Wordpress 1 Wordpress 2017-08-28 10.0 HIGH N/A
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."
CVE-2011-3126 1 Wordpress 1 Wordpress 2017-08-28 5.0 MEDIUM N/A
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.
CVE-2011-3127 1 Wordpress 1 Wordpress 2017-08-28 5.8 MEDIUM N/A
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
CVE-2011-3128 1 Wordpress 1 Wordpress 2017-08-28 5.0 MEDIUM N/A
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.
CVE-2011-3130 1 Wordpress 1 Wordpress 2017-08-28 7.5 HIGH N/A
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.
CVE-2011-3981 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2017-08-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2011-4562 2 John Godley, Wordpress 2 Redirection Plugin, Wordpress 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
CVE-2011-4618 2 Simplerealtytheme, Wordpress 2 Advanced Text Widget Plugin, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2011-4669 1 Wordpress 2 Wordpress, Wordpress-users 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.
CVE-2011-4673 2 Automattic, Wordpress 2 Jetpack, Wordpress 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-5051 2 Wordpress, Wpsymposium 2 Wordpress, Wp Symposium 2017-08-28 7.5 HIGH N/A
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
CVE-2011-5082 2 S2member, Wordpress 2 S2member, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field).
CVE-2011-5104 2 Getshopped, Wordpress 2 Wp E-commerce, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-5264 2 Marcel Brinkkemper, Wordpress 2 Lazyest-backup, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter.
CVE-2011-5194 2 Phpace, Wordpress 2 Samswhois, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.
CVE-2011-5207 2 Thecartpress, Wordpress 2 Thecartpress, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
CVE-2011-5224 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-5225 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2011-5226 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.