Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
578 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-3818 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. | ||||
CVE-2011-3851 | 2 Devpress, Wordpress | 2 News, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | ||||
CVE-2011-3852 | 2 Theme4press, Wordpress | 2 Evolve, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
CVE-2011-3853 | 2 Themehybrid, Wordpress | 2 Hybrid, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | ||||
CVE-2011-3854 | 2 Quirm, Wordpress | 2 Zenlite, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
CVE-2011-3855 | 2 Graphpaperpress, Wordpress | 2 F8 Lite, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
CVE-2011-3856 | 2 Atastypixel, Wordpress | 2 Elegant Grunge, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
CVE-2011-3857 | 2 Antisocialmediallc, Wordpress | 2 Antisnews, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
CVE-2011-3858 | 2 Wordpress, Zespia | 2 Wordpress, Pixiv Custom | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
CVE-2011-3859 | 2 Themehybrid, Wordpress | 2 Trending, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | ||||
CVE-2011-3862 | 2 Adazing, Wordpress | 2 Morning Coffee, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | ||||
CVE-2011-3863 | 2 Post-scriptum, Wordpress | 2 Redline, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
CVE-2011-3864 | 2 Somadesign, Wordpress | 2 The Erudite, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | ||||
CVE-2011-3865 | 2 Ulyssesonline, Wordpress | 2 Black-letterhead, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | ||||
CVE-2011-3981 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2025-04-11 | N/A |
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||
CVE-2011-4342 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2025-04-11 | N/A |
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter. | ||||
CVE-2011-4568 | 2 Foliovision, Wordpress | 2 Fv Wordpress Flowplayer Plugin, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
CVE-2011-4618 | 2 Simplerealtytheme, Wordpress | 2 Advanced Text Widget Plugin, Wordpress | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
CVE-2011-4646 | 2 Lesterchan, Wordpress | 2 Wp-postratings, Wordpress | 2025-04-11 | N/A |
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information. | ||||
CVE-2011-4671 | 2 Adrotateplugin, Wordpress | 2 Adrotate, Wordpress | 2025-04-11 | N/A |
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL). |