Filtered by vendor Wordpress
Subscriptions
Total
6177 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-5191 | 2 Blairwilliams, Wordpress | 2 Pretty Link Lite Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192. | ||||
| CVE-2011-4618 | 2 Simplerealtytheme, Wordpress | 2 Advanced Text Widget Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2011-4342 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter. | ||||
| CVE-2011-1669 | 2 Mikoviny, Wordpress | 2 Wp Custom Pages, Wordpress | 2025-04-11 | N/A |
| Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. | ||||
| CVE-2011-5182 | 1 Wordpress | 2 Lanoba Social Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf. | ||||
| CVE-2010-4518 | 2 Wobeo, Wordpress | 2 Wp-safe-search, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter. | ||||
| CVE-2013-4954 | 2 Genetechsolutions, Wordpress | 2 Pie-register, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-3261 | 2 Photogallerycreator, Wordpress | 2 Flash-album-gallery, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action. | ||||
| CVE-2012-6499 | 2 Age Verification Project, Wordpress | 2 Age Verification, Wordpress | 2025-04-11 | N/A |
| Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. | ||||
| CVE-2013-2743 | 2 Ithemes, Wordpress | 2 Backupbuddy, Wordpress | 2025-04-11 | N/A |
| importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter. | ||||
| CVE-2013-2696 | 2 Crunchify, Wordpress | 2 All-in-on-webmaster, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2013-0736 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2013-5738 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file. | ||||
| CVE-2012-6312 | 2 Video-lead-form, Wordpress | 2 Uk-cookie, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php. | ||||
| CVE-2012-5913 | 2 Wordpress, Wordpress Integrator Project | 2 Wordpress, Wordpress Integrator | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. | ||||
| CVE-2013-4340 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter. | ||||
| CVE-2012-5388 | 2 Videousermanuals, Wordpress | 2 White-label-cms, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. | ||||
| CVE-2012-5350 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | ||||
| CVE-2012-5318 | 2 Kishore Asokan, Wordpress | 2 Kish Guest Posting Plugin, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125. | ||||
| CVE-2012-5229 | 1 Wordpress | 2 Slideshow Gallery2, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. | ||||