Filtered by vendor Wordpress
Subscribe
Total
621 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4028 | 1 Wordpress | 1 Wordpress | 2011-08-31 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests). | |||||
CVE-2010-4779 | 2 Bravenewcode, Wordpress | 2 Wptouch, Wordpress | 2011-05-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0664 | 1 Wordpress | 1 Wordpress | 2011-03-07 | 6.4 MEDIUM | N/A |
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. | |||||
CVE-2007-1622 | 1 Wordpress | 1 Wordpress | 2011-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. | |||||
CVE-2007-1049 | 2 Gentoo, Wordpress | 2 Linux, Wordpress | 2011-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | |||||
CVE-2007-1230 | 1 Wordpress | 1 Wordpress | 2011-03-07 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049. | |||||
CVE-2006-5705 | 1 Wordpress | 1 Wordpress | 2011-03-07 | 6.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. | |||||
CVE-2010-0682 | 1 Wordpress | 1 Wordpress | 2011-01-18 | 4.0 MEDIUM | N/A |
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. | |||||
CVE-2009-4169 | 2 Roytanck, Wordpress | 2 Wp-cumulus, Wordpress | 2011-01-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-4518 | 2 Wobeo, Wordpress | 2 Wp-safe-search, Wordpress | 2010-12-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter. | |||||
CVE-2010-0673 | 2 Copperleaf, Wordpress | 2 Photolog, Wordpress | 2010-02-22 | 7.5 HIGH | N/A |
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
CVE-2009-2144 | 3 Edgewall, Firestats, Wordpress | 3 Firestats, Firestats, Wordpress | 2009-08-20 | 7.5 HIGH | N/A |
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2007-6677 | 2 Peters Software, Wordpress | 2 Random Anti-spam Image, Wordpress | 2008-11-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form. | |||||
CVE-2007-3543 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2008-11-14 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. | |||||
CVE-2008-3233 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-0618 | 2 Daniel M. Schurter, Wordpress | 2 Dmsguestbook, Wordpress | 2008-09-05 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.0 MEDIUM | N/A |
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | |||||
CVE-2006-6017 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.0 MEDIUM | N/A |
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | |||||
CVE-2006-1796 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). | |||||
CVE-2006-1263 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.3 MEDIUM | N/A |
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |