Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wordpress Subscribe
Total 621 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4874 2 Awpcp, Wordpress 2 Another Wordpress Classifieds Plugin, Wordpress 2012-09-06 10.0 HIGH N/A
Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads."
CVE-2011-5128 2 Bueltge, Wordpress 2 Adminimize, Wordpress 2012-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926.
CVE-2012-1835 2 Timely, Wordpress 2 All-in-one Event Calendar, Wordpress 2012-08-27 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
CVE-2012-4332 2 Barandisolutions, Wordpress 2 Shareyourcart, Wordpress 2012-08-27 5.0 MEDIUM N/A
The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK.
CVE-2012-4272 2 Ppfeufer, Wordpress 2 2-click-social-media-buttons, Wordpress 2012-08-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest".
CVE-2012-4264 2 Bit51, Wordpress 2 Better-wp-security, Wordpress 2012-08-13 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263.
CVE-2012-4283 2 Netweblogic, Wordpress 2 Login With Ajax, Wordpress 2012-08-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2012-2371 2 Mnt-tech, Wordpress 2 Wp-facethumb, Wordpress 2012-08-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
CVE-2012-3384 1 Wordpress 1 Wordpress 2012-08-08 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-3385 1 Wordpress 1 Wordpress 2012-07-23 5.0 MEDIUM N/A
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
CVE-2011-4957 1 Wordpress 1 Wordpress 2012-06-28 5.0 MEDIUM N/A
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
CVE-2012-3814 2 Pippin Williamson, Wordpress 2 Font Uploader, Wordpress 2012-06-27 7.5 HIGH N/A
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.
CVE-2011-4956 1 Wordpress 1 Wordpress 2012-06-27 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-3852 2 Theme4press, Wordpress 2 Evolve, Wordpress 2012-05-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3818 1 Wordpress 1 Wordpress 2012-05-20 5.0 MEDIUM N/A
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.
CVE-2011-3851 2 Devpress, Wordpress 2 News, Wordpress 2012-05-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3856 2 Atastypixel, Wordpress 2 Elegant Grunge, Wordpress 2012-05-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3855 2 Graphpaperpress, Wordpress 2 F8 Lite, Wordpress 2012-05-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3853 2 Themehybrid, Wordpress 2 Hybrid, Wordpress 2012-05-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3858 2 Wordpress, Zespia 2 Wordpress, Pixiv Custom 2012-05-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.