Search Results (9159 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2200 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.
CVE-2012-4327 2 Wordpress, Wpslideshow 2 Wordpress, Image News Slider 2025-04-11 N/A
Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified impact and remote attack vectors.
CVE-2013-7276 2 Recommend To A Friend Project, Wordpress 2 Recommend To A Friend, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter.
CVE-2012-1786 2 Kylegilman, Wordpress 2 Video Embed \& Thumbnail Generator, Wordpress 2025-04-11 N/A
The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors.
CVE-2012-0898 2 Camaleo, Wordpress 2 Myeasybackup, Wordpress 2025-04-11 N/A
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter.
CVE-2012-0895 2 Tom Braider, Wordpress 2 Count Per Day, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
CVE-2010-2924 2 Silvercover, Wordpress 2 Mylinksdump Plugin, Wordpress 2025-04-11 N/A
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-5868 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
CVE-2011-3851 2 Devpress, Wordpress 2 News, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-0701 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
CVE-2011-3981 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2025-04-11 N/A
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2013-3253 2 Wordpress, Xhanch 2 Wordpress, My Twitter 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings.
CVE-2010-5293 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
CVE-2012-3588 1 Wordpress 2 Plugin Newsletter Plugin, Wordpress 2025-04-11 N/A
Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.
CVE-2012-4874 2 Awpcp, Wordpress 2 Another Wordpress Classifieds Plugin, Wordpress 2025-04-11 N/A
Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads."
CVE-2013-5963 2 Cdsincdesign, Wordpress 2 Simple Dropbox Upload Form, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/.
CVE-2011-3864 2 Somadesign, Wordpress 2 The Erudite, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-5106 2 Fractalia, Wordpress 2 Flexible Custom Post Type, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2013-5673 2 Indianic, Wordpress 2 Testimonial Plugin, Wordpress 2025-04-11 N/A
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php.
CVE-2011-3122 1 Wordpress 1 Wordpress 2025-04-11 N/A
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."