Filtered by vendor Wordpress
Subscribe
Search
Total
610 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2315 | 2 Shinephp, Wordpress | 2 Thank You Counter Button, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php. | |||||
| CVE-2014-1907 | 2 Videowhisper, Wordpress | 2 Live Streaming Integration Plugin, Wordpress | 2017-08-29 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php. | |||||
| CVE-2013-3526 | 2 Wordpress, Wptrafficanalyzer | 2 Wordpress, Trafficanalyzer | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter. | |||||
| CVE-2013-3530 | 2 Fabricio Zuardi, Wordpress | 2 Xspf Player Plugin, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter. | |||||
| CVE-2013-3487 | 2 Ait-pro, Wordpress | 2 Bulletproof-security, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php. | |||||
| CVE-2013-4117 | 2 Anshul Sharma, Wordpress | 2 Category-grid-view-gallery, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
| CVE-2013-3262 | 2 Mikejolley, Wordpress | 2 Download Monitor, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter. | |||||
| CVE-2013-3491 | 2 Mdolon, Wordpress | 2 Sharebar, Wordpress | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. | |||||
| CVE-2013-5963 | 2 Cdsincdesign, Wordpress | 2 Simple Dropbox Upload Form, Wordpress | 2017-08-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/. | |||||
| CVE-2013-6010 | 2 Wearegumball, Wordpress | 2 Comment-attachment, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." | |||||
| CVE-2013-3532 | 2 Webdorado, Wordpress | 2 Spider Video Player, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter. | |||||
| CVE-2013-3529 | 2 Smartypantsplugins, Wordpress | 2 Wp-funeral-press, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter. | |||||
| CVE-2013-5961 | 2 Danny Morris, Wordpress | 2 Lazy Seo, Wordpress | 2017-08-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/. | |||||
| CVE-2013-5673 | 2 Indianic, Wordpress | 2 Testimonial Plugin, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php. | |||||
| CVE-2013-5672 | 2 Indianic, Wordpress | 2 Testimonial Plugin, Wordpress | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php. | |||||
| CVE-2013-5098 | 2 Mikejolley, Wordpress | 2 Download Monitor, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262. | |||||
| CVE-2013-4954 | 2 Genetechsolutions, Wordpress | 2 Pie-register, Wordpress | 2017-08-29 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-4944 | 2 Fusedpress, Wordpress | 2 Buddypress-extended-frienship-request, Wordpress | 2017-08-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-3256 | 2 Shareaholic, Wordpress | 2 Sexybookmarks, Wordpress | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings." | |||||
| CVE-2013-4625 | 2 Cory Lamle, Wordpress | 2 Duplicator, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. | |||||
| CVE-2013-2501 | 2 Terillion, Wordpress | 2 Terillion Reviews Plugin, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. | |||||
| CVE-2013-0734 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php. | |||||
| CVE-2013-1463 | 2 Tobias Bathge, Wordpress | 2 Wp-table Reloaded, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed. | |||||
| CVE-2013-0735 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | |||||
| CVE-2013-0731 | 2 Mailup, Wordpress | 2 Wp-mailup, Wordpress | 2017-08-29 | 5.0 MEDIUM | N/A |
| ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2. | |||||
| CVE-2013-0721 | 2 Wordpress, Wp Php Widget Project | 2 Wordpress, Wp Php Widget | 2017-08-29 | 5.0 MEDIUM | N/A |
| wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
| CVE-2012-5350 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2017-08-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | |||||
| CVE-2012-5387 | 2 Videousermanuals, Wordpress | 2 White-label-cms, Wordpress | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences. | |||||
| CVE-2012-5388 | 2 Videousermanuals, Wordpress | 2 White-label-cms, Wordpress | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. | |||||
| CVE-2012-4263 | 2 Bit51, Wordpress | 2 Better-wp-security, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. | |||||
| CVE-2012-5856 | 2 Uk-cookie Project, Wordpress | 2 Uk-cookie, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4327 | 2 Wordpress, Wpslideshow | 2 Wordpress, Image News Slider | 2017-08-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified impact and remote attack vectors. | |||||
| CVE-2012-5913 | 2 Wordpress, Wordpress Integrator Project | 2 Wordpress, Wordpress Integrator | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. | |||||
| CVE-2012-6506 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. | |||||
| CVE-2012-4915 | 2 Davistribe, Wordpress | 2 Google Doc Embedder, Wordpress | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php. | |||||
| CVE-2012-4920 | 2 Wordpress, Zingiri | 2 Wordpress, Forums | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php. | |||||
| CVE-2012-4273 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. | |||||
| CVE-2012-4033 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2017-08-29 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. | |||||
| CVE-2012-5229 | 1 Wordpress | 2 Slideshow Gallery2, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. | |||||
| CVE-2012-5310 | 2 Getshopped, Wordpress | 2 Wp E-commerce, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4271 | 2 Mark Jaquith, Wordpress | 2 Bad Behavior, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter. | |||||
| CVE-2012-5325 | 2 Cartpauj, Wordpress | 2 Shortcode-redirect, Wordpress | 2017-08-29 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag. | |||||
| CVE-2012-5327 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action. | |||||
| CVE-2012-4268 | 2 Ait-pro, Wordpress | 2 Bulletproof-security, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header. | |||||
| CVE-2012-5346 | 2 Bencemeszaros, Wordpress | 2 Wp-livephp, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-5349 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2017-08-29 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter. | |||||
| CVE-2012-2920 | 2 User Photo, Wordpress | 2 User Photo, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0934 | 2 Wordpress, Zingiri | 2 Wordpress, Theme Tuner Plugin | 2017-08-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter. | |||||
| CVE-2012-0898 | 2 Camaleo, Wordpress | 2 Myeasybackup, Wordpress | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. | |||||
| CVE-2012-1010 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | |||||