Filtered by vendor Wordpress
Subscribe
Total
621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6313 | 2 Simple Gmail Login, Wordpress | 3 1.1.2, 1.1.3, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. | |||||
| CVE-2013-2703 | 2 Crunchify, Wordpress | 2 Facebook Members, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings. | |||||
| CVE-2012-3588 | 1 Wordpress | 2 Plugin Newsletter Plugin, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter. | |||||
| CVE-2012-5469 | 2 Phpmyadmin, Wordpress | 2 Phpmyadmin, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. | |||||
| CVE-2013-4944 | 2 Fusedpress, Wordpress | 2 Buddypress-extended-frienship-request, Wordpress | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-3491 | 2 Mdolon, Wordpress | 2 Sharebar, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. | |||||
| CVE-2012-5350 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2025-04-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | |||||
| CVE-2010-4825 | 2 Pleer, Wordpress | 2 Wp-twitter-feed, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2011-3859 | 2 Themehybrid, Wordpress | 2 Trending, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||||
| CVE-2009-4672 | 2 Grupenet, Wordpress | 2 Wp-lytebox, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter. | |||||
| CVE-2013-3479 | 2 Sharethis, Wordpress | 2 Sharethis, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings. | |||||
| CVE-2011-5270 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.0 MEDIUM | N/A |
| wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. | |||||
| CVE-2012-0782 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance | |||||
| CVE-2011-5254 | 2 Connections Project, Wordpress | 2 Connections, Wordpress | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors. | |||||
| CVE-2013-2707 | 2 Netweblogic, Wordpress | 2 Login With Ajax, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings. | |||||
| CVE-2011-0759 | 2 Blaenkdenum, Wordpress | 2 Wp-recaptcha, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter. | |||||
| CVE-2012-1011 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2011-5082 | 2 S2member, Wordpress | 2 S2member, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field). | |||||
| CVE-2012-6506 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. | |||||
| CVE-2013-5098 | 2 Mikejolley, Wordpress | 2 Download Monitor, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262. | |||||