Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-3864 |
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. Published: September 28, 2011; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3863 |
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Published: September 28, 2011; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3862 |
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. Published: September 28, 2011; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3861 |
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. Published: September 28, 2011; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3860 |
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Published: September 28, 2011; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3859 |
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. Published: September 28, 2011; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3858 |
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Published: September 28, 2011; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3857 |
Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Published: September 28, 2011; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3856 |
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Published: September 28, 2011; 6:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3855 |
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Published: September 28, 2011; 6:55:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3854 |
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Published: September 28, 2011; 6:55:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3853 |
Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. Published: September 28, 2011; 6:55:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3852 |
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Published: September 28, 2011; 6:55:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3851 |
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. Published: September 28, 2011; 6:55:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3850 |
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Published: September 28, 2011; 6:55:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3818 |
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. Published: September 23, 2011; 8:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-4839 |
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action. Published: September 13, 2011; 10:56:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2010-4825 |
Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. Published: August 24, 2011; 6:55:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3130 |
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. Published: August 10, 2011; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-3129 |
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. Published: August 10, 2011; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |