Total
581 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1599 | 1 Wordpress | 1 Wordpress | 2017-08-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable. | |||||
CVE-2003-1598 | 1 Wordpress | 1 Wordpress | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. | |||||
CVE-2010-4825 | 2 Pleer, Wordpress | 2 Wp-twitter-feed, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
CVE-2010-4875 | 2 Wordpress, Xondie | 2 Wordpress, Vodpod Video Gallery | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter. | |||||
CVE-2011-1669 | 2 Mikoviny, Wordpress | 2 Wp Custom Pages, Wordpress | 2017-08-16 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. | |||||
CVE-2011-0760 | 2 Adminofsystem, Wordpress | 2 Wp Related Posts, Wordpress | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the (1) wp_relatedposts_title, (2) wp_relatedposts_num, or (3) wp_relatedposts_type parameter. | |||||
CVE-2010-4630 | 2 Fubra, Wordpress | 2 Wp-survey-and-quiz-tool, Wordpress | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
CVE-2010-4637 | 2 Finalcut, Wordpress | 2 Feedlist, Wordpress | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | |||||
CVE-2010-4747 | 2 Ahmattox, Wordpress | 2 Processing Embed Plugin, Wordpress | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter. | |||||
CVE-2011-0740 | 2 Pleer, Wordpress | 2 Rss Feed Reader, Wordpress | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter. | |||||
CVE-2011-0759 | 2 Blaenkdenum, Wordpress | 2 Wp-recaptcha, Wordpress | 2017-08-16 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter. | |||||
CVE-2011-0641 | 2 Heart5, Wordpress | 2 Statpresscn, Wordpress | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2010-2924 | 2 Silvercover, Wordpress | 2 Mylinksdump Plugin, Wordpress | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-1186 | 2 Alex Rabe, Wordpress | 2 Nextgen Gallery, Wordpress | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | |||||
CVE-2009-4424 | 2 Imotta, Wordpress | 2 Pyrmont Plugin, Wordpress | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-6767 | 1 Wordpress | 1 Wordpress | 2017-08-16 | 10.0 HIGH | N/A |
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request. | |||||
CVE-2008-7040 | 2 Wordpress, Yellowswordfish | 2 Wordpress, Simple Forum | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | |||||
CVE-2008-6762 | 1 Wordpress | 1 Wordpress | 2017-08-16 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter. | |||||
CVE-2008-5278 | 1 Wordpress | 1 Wordpress | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). | |||||
CVE-2008-5113 | 1 Wordpress | 1 Wordpress | 2017-08-07 | 4.0 MEDIUM | N/A |
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection. |