Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
8004 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-5296 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action. | ||||
| CVE-2010-4536 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form. | ||||
| CVE-2011-5265 | 2 Featurific For Wordpress Project, Wordpress | 2 Featurific-for-wordpress, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party. | ||||
| CVE-2011-5257 | 2 Appthemes, Wordpress | 2 Classipress, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget. | ||||
| CVE-2011-5216 | 2 Troyef, Wordpress | 2 Scorm Cloud, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-5208 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php. | ||||
| CVE-2011-5207 | 2 Thecartpress, Wordpress | 2 Thecartpress, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. | ||||
| CVE-2011-5193 | 2 Phpace, Wordpress | 2 Samswhois, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194. | ||||
| CVE-2011-5192 | 2 Blairwilliams, Wordpress | 2 Pretty Link Lite Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191. | ||||
| CVE-2011-5180 | 2 Wordpress, Zooeffect | 2 Wordpress, Zooeffect | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party. | ||||
| CVE-2011-5179 | 2 Skysa, Wordpress | 2 Skysa App Bar Integration Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. | ||||
| CVE-2011-5128 | 2 Bueltge, Wordpress | 2 Adminimize, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926. | ||||
| CVE-2011-5107 | 1 Wordpress | 2 Alert Before You Post, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2011-5106 | 2 Fractalia, Wordpress | 2 Flexible Custom Post Type, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2011-3859 | 2 Themehybrid, Wordpress | 2 Trending, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | ||||
| CVE-2010-4747 | 2 Ahmattox, Wordpress | 2 Processing Embed Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter. | ||||
| CVE-2013-2203 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message. | ||||
| CVE-2013-6991 | 2 Wokamoto, Wordpress | 2 Wp-cron Dashboard, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php. | ||||
| CVE-2013-5918 | 2 Platinum Seo Project, Wordpress | 2 Platinum Seo Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2012-4263 | 2 Bit51, Wordpress | 2 Better-wp-security, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. | ||||