Filtered by vendor Wordpress
Subscriptions
Total
11973 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5105 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. | ||||
| CVE-2008-5752 | 1 Wordpress | 2 Page Flip Image Gallery Plugin, Wordpress | 2026-04-23 | N/A |
| Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4544 | 1 Wordpress | 1 Wordpress Mu | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field). | ||||
| CVE-2007-4893 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. | ||||
| CVE-2008-4732 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2026-04-23 | N/A |
| SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||
| CVE-2007-3140 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897. | ||||
| CVE-2008-0205 | 1 Wordpress | 1 Math Comment Spam Protection Plugin | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. | ||||
| CVE-2009-3891 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable). | ||||
| CVE-2007-4483 | 1 Wordpress | 1 Wordpressclassic | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2008-0388 | 1 Wordpress | 1 Wp Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI. | ||||
| CVE-2008-7216 | 1 Wordpress | 1 Peter\'s Math Anti-spam For Wordpress | 2026-04-23 | N/A |
| Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip. | ||||
| CVE-2008-2146 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages. | ||||
| CVE-2007-4894 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." | ||||
| CVE-2007-4480 | 1 Wordpress | 1 Sirius | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | ||||
| CVE-2007-6013 | 2 Fedoraproject, Wordpress | 2 Fedora, Wordpress | 2026-04-23 | 9.8 Critical |
| Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. | ||||
| CVE-2008-3233 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-5705 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. | ||||
| CVE-2008-1646 | 2 Arnos Toolbox, Wordpress | 2 Wp-download, Wp Download | 2026-04-23 | N/A |
| SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | ||||
| CVE-2009-2383 | 2 Blogtrafficexchange, Wordpress | 2 Related-sites, Wordpress | 2026-04-23 | N/A |
| SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter. | ||||