Total
578 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0701 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.0 MEDIUM | N/A |
| wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter. | |||||
| CVE-2011-3864 | 2 Somadesign, Wordpress | 2 The Erudite, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||||
| CVE-2012-5229 | 1 Wordpress | 2 Slideshow Gallery2, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. | |||||
| CVE-2013-3491 | 2 Mdolon, Wordpress | 2 Sharebar, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. | |||||
| CVE-2012-2371 | 2 Mnt-tech, Wordpress | 2 Wp-facethumb, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter. | |||||
| CVE-2011-1669 | 2 Mikoviny, Wordpress | 2 Wp Custom Pages, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. | |||||
| CVE-2011-5254 | 2 Connections Project, Wordpress | 2 Connections, Wordpress | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors. | |||||
| CVE-2012-6499 | 2 Age Verification Project, Wordpress | 2 Age Verification, Wordpress | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. | |||||
| CVE-2013-2501 | 2 Terillion, Wordpress | 2 Terillion Reviews Plugin, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. | |||||
| CVE-2012-0287 | 2 Microsoft, Wordpress | 2 Internet Explorer, Wordpress | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. | |||||
| CVE-2011-5264 | 2 Marcel Brinkkemper, Wordpress | 2 Lazyest-backup, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter. | |||||
| CVE-2013-6010 | 2 Wearegumball, Wordpress | 2 Comment-attachment, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." | |||||
| CVE-2012-6312 | 2 Video-lead-form, Wordpress | 2 Uk-cookie, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php. | |||||
| CVE-2012-5177 | 2 Welcart, Wordpress | 2 Welcart Plugin, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3858 | 2 Wordpress, Zespia | 2 Wordpress, Pixiv Custom | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2010-1186 | 2 Alex Rabe, Wordpress | 2 Nextgen Gallery, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | |||||
| CVE-2011-5193 | 2 Phpace, Wordpress | 2 Samswhois, Wordpress | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194. | |||||
| CVE-2011-3125 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." | |||||
| CVE-2012-0782 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance | |||||
| CVE-2012-6506 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. | |||||