Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11831 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-5191 | 2 Blairwilliams, Wordpress | 2 Pretty Link Lite Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192. | ||||
| CVE-2012-5346 | 2 Bencemeszaros, Wordpress | 2 Wp-livephp, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-5328 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php. | ||||
| CVE-2013-3253 | 2 Wordpress, Xhanch | 2 Wordpress, My Twitter | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings. | ||||
| CVE-2013-4944 | 2 Fusedpress, Wordpress | 2 Buddypress-extended-frienship-request, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-6313 | 2 Simple Gmail Login, Wordpress | 3 1.1.2, 1.1.3, Wordpress | 2025-04-11 | N/A |
| simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. | ||||
| CVE-2011-5265 | 2 Featurific For Wordpress Project, Wordpress | 2 Featurific-for-wordpress, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party. | ||||
| CVE-2012-5325 | 2 Cartpauj, Wordpress | 2 Shortcode-redirect, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag. | ||||
| CVE-2011-5193 | 2 Phpace, Wordpress | 2 Samswhois, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194. | ||||
| CVE-2012-5318 | 2 Kishore Asokan, Wordpress | 2 Kish Guest Posting Plugin, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125. | ||||
| CVE-2011-5128 | 2 Bueltge, Wordpress | 2 Adminimize, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926. | ||||
| CVE-2013-5673 | 2 Indianic, Wordpress | 2 Testimonial Plugin, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php. | ||||
| CVE-2011-5104 | 2 Getshopped, Wordpress | 2 Wp E-commerce, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-4926 | 2 Bueltge, Wordpress | 2 Adminimize, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2013-0237 | 3 Fedoraproject, Moxiecode, Wordpress | 3 Fedora, Plupload, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2011-4618 | 2 Simplerealtytheme, Wordpress | 2 Advanced Text Widget Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2011-4342 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter. | ||||
| CVE-2013-2702 | 2 Thulasidas, Wordpress | 2 Easy-adsense-lite, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Lite plugin before 6.10 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings. | ||||
| CVE-2013-4626 | 2 Marketpress, Wordpress | 2 Backwpup Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php. | ||||
| CVE-2012-5178 | 2 Welcart, Wordpress | 2 Welcart Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase. | ||||