Filtered by vendor Wordpress
Subscriptions
Total
645 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2920 | 2 User Photo, Wordpress | 2 User Photo, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-4747 | 2 Ahmattox, Wordpress | 2 Processing Embed Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter. | ||||
| CVE-2010-4637 | 2 Finalcut, Wordpress | 2 Feedlist, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | ||||
| CVE-2012-2916 | 2 Dlo, Wordpress | 2 Simple Anti Bot Registration Engine Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php. | ||||
| CVE-2013-2704 | 2 Metin Saylan, Wordpress | 2 Dropdown Menu Widget, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. | ||||
| CVE-2013-2741 | 2 Ithemes, Wordpress | 2 Backupbuddy, Wordpress | 2025-04-11 | N/A |
| importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request. | ||||
| CVE-2013-3256 | 2 Shareaholic, Wordpress | 2 Sexybookmarks, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings." | ||||
| CVE-2010-4630 | 2 Fubra, Wordpress | 2 Wp-survey-and-quiz-tool, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2010-4536 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form. | ||||
| CVE-2013-2696 | 2 Crunchify, Wordpress | 2 All-in-on-webmaster, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2010-4518 | 2 Wobeo, Wordpress | 2 Wp-safe-search, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter. | ||||
| CVE-2010-4403 | 2 Devbits, Wordpress | 2 Register-plus, Wordpress | 2025-04-11 | N/A |
| The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message. | ||||
| CVE-2013-2640 | 2 Mailup, Wordpress | 2 Wp-mailup, Wordpress | 2025-04-11 | N/A |
| ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731. | ||||
| CVE-2013-2697 | 2 Lester Chan, Wordpress | 2 Wp-downloadmanager, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2010-4402 | 2 Devbits, Wordpress | 2 Register-plus, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action. | ||||
| CVE-2010-4277 | 2 Jovelstefan, Wordpress | 2 Embedded-video, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php. | ||||
| CVE-2013-2205 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. | ||||
| CVE-2010-4257 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. | ||||
| CVE-2010-3977 | 2 Deliciousdays, Wordpress | 2 Cforms, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. | ||||
| CVE-2012-2912 | 2 Kolja Schleich, Wordpress | 2 Leaguemanager, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php. | ||||