Filtered by vendor Wordpress Subscriptions
Total 13769 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-1464 2 Doryphores, Wordpress 2 Audio Player, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
CVE-2012-2403 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2011-3860 2 Onedesigns, Wordpress 2 Cover Wp, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-5051 2 Wordpress, Wpsymposium 2 Wordpress, Wp Symposium 2025-04-11 N/A
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
CVE-2013-2173 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.
CVE-2011-4803 2 Bravenewcode, Wordpress 2 Wptouch, Wordpress 2025-04-11 N/A
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-3864 2 Somadesign, Wordpress 2 The Erudite, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3853 2 Themehybrid, Wordpress 2 Hybrid, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-5106 2 Fractalia, Wordpress 2 Flexible Custom Post Type, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2012-1011 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2025-04-11 N/A
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
CVE-2013-2202 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2012-1068 2 Mg12, Wordpress 2 Wp-recentcomments, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging.
CVE-2012-6527 2 Joedolson, Wordpress 2 My Calendar, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2011-3130 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.
CVE-2011-5192 2 Blairwilliams, Wordpress 2 Pretty Link Lite Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191.
CVE-2013-0237 3 Fedoraproject, Moxiecode, Wordpress 3 Fedora, Plupload, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2011-5208 2 Backwpup, Wordpress 2 Backwpup, Wordpress 2025-04-11 N/A
Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php.
CVE-2011-5225 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2012-5177 2 Welcart, Wordpress 2 Welcart Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5739 1 Wordpress 1 Wordpress 2025-04-11 N/A
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.