Vulnerabilities (CVE)

Filtered by vendor Wordpress
Total 621 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3576 2 Jquindlen, Wordpress 2 Wpstorecart, Wordpress 2017-08-28 10.0 HIGH N/A
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart.
CVE-2012-3575 2 Rbx Gallery, Wordpress 2 Rbx Gallery, Wordpress 2017-08-28 10.0 HIGH N/A
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.
CVE-2012-1785 2 Kylegilman, Wordpress 2 Video Embed & Thumbnail Generator, Wordpress 2017-08-28 7.5 HIGH N/A
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2012-2913 2 Mapsmarker, Wordpress 2 Leaflet Maps Marker Plugin, Wordpress 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
CVE-2012-2759 2 Netweblogic, Wordpress 2 Login With Ajax, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
CVE-2012-1068 2 Mg12, Wordpress 2 Wp-recentcomments, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging.
CVE-2012-1125 2 Kishore Asokan, Wordpress 2 Kish Guest Posting Plugin, Wordpress 2017-08-28 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
CVE-2012-1067 2 Mg12, Wordpress 2 Wp-recentcomments, Wordpress 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-1011 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2017-08-28 7.5 HIGH N/A
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
CVE-2012-1010 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2017-08-28 7.5 HIGH N/A
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
CVE-2012-3588 1 Wordpress 2 Plugin Newsletter Plugin, Wordpress 2017-08-28 5.0 MEDIUM N/A
Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.
CVE-2012-0934 2 Wordpress, Zingiri 2 Wordpress, Theme Tuner Plugin 2017-08-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter.
CVE-2012-0898 2 Camaleo, Wordpress 2 Myeasybackup, Wordpress 2017-08-28 5.0 MEDIUM N/A
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter.
CVE-2011-3981 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2017-08-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2011-5226 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.
CVE-2011-5225 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2011-5224 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-5216 2 Troyef, Wordpress 2 Scorm Cloud, Wordpress 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-5207 2 Thecartpress, Wordpress 2 Thecartpress, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
CVE-2011-5194 2 Phpace, Wordpress 2 Samswhois, Wordpress 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.