Filtered by vendor Wordpress Subscriptions
Total 13860 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-5732 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.
CVE-2016-5832 1 Wordpress 1 Wordpress 2025-04-12 N/A
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
CVE-2014-9031 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
CVE-2016-5833 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.
CVE-2015-3440 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
CVE-2012-5868 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
CVE-2010-0673 2 Copperleaf, Wordpress 2 Photolog, Wordpress 2025-04-11 N/A
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2011-3122 1 Wordpress 1 Wordpress 2025-04-11 N/A
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."
CVE-2011-3858 2 Wordpress, Zespia 2 Wordpress, Pixiv Custom 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3863 2 Post-scriptum, Wordpress 2 Redline, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-4673 2 Automattic, Wordpress 2 Jetpack, Wordpress 2025-04-11 N/A
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-5961 2 Danny Morris, Wordpress 2 Lazy Seo, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.
CVE-2011-4646 2 Lesterchan, Wordpress 2 Wp-postratings, Wordpress 2025-04-11 N/A
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
CVE-2012-6499 2 Age Verification Project, Wordpress 2 Age Verification, Wordpress 2025-04-11 N/A
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
CVE-2012-5856 2 Uk-cookie Project, Wordpress 2 Uk-cookie, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1186 2 Alex Rabe, Wordpress 2 Nextgen Gallery, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CVE-2012-2371 2 Mnt-tech, Wordpress 2 Wp-facethumb, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
CVE-2013-4625 2 Cory Lamle, Wordpress 2 Duplicator, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
CVE-2012-4264 2 Bit51, Wordpress 2 Better-wp-security, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263.
CVE-2013-0721 2 Wordpress, Wp Php Widget Project 2 Wordpress, Wp Php Widget 2025-04-11 N/A
wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.