Export limit exceeded: 11187 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11187 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-5193 | 2 Phpace, Wordpress | 2 Samswhois, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194. | ||||
| CVE-2011-5192 | 2 Blairwilliams, Wordpress | 2 Pretty Link Lite Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191. | ||||
| CVE-2011-5191 | 2 Blairwilliams, Wordpress | 2 Pretty Link Lite Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192. | ||||
| CVE-2011-5107 | 1 Wordpress | 2 Alert Before You Post, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2011-5106 | 2 Fractalia, Wordpress | 2 Flexible Custom Post Type, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2011-4673 | 2 Automattic, Wordpress | 2 Jetpack, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2011-4671 | 2 Adrotateplugin, Wordpress | 2 Adrotate, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL). | ||||
| CVE-2011-4669 | 1 Wordpress | 2 Wordpress, Wordpress-users | 2025-04-11 | N/A |
| SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php. | ||||
| CVE-2011-3858 | 2 Wordpress, Zespia | 2 Wordpress, Pixiv Custom | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2011-3857 | 2 Antisocialmediallc, Wordpress | 2 Antisnews, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2011-3856 | 2 Atastypixel, Wordpress | 2 Elegant Grunge, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2011-3855 | 2 Graphpaperpress, Wordpress | 2 F8 Lite, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2011-3854 | 2 Quirm, Wordpress | 2 Zenlite, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2011-3853 | 2 Themehybrid, Wordpress | 2 Hybrid, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | ||||
| CVE-2011-3852 | 2 Theme4press, Wordpress | 2 Evolve, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2011-3851 | 2 Devpress, Wordpress | 2 News, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | ||||
| CVE-2011-3850 | 2 Bytesforall, Wordpress | 2 Atahualpa, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2011-0740 | 2 Pleer, Wordpress | 2 Rss Feed Reader, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter. | ||||
| CVE-2011-0641 | 2 Heart5, Wordpress | 2 Statpresscn, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-5106 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role. | ||||