National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,225 matching records.
Displaying matches 1881 through 1900.
Vuln ID Summary CVSS Severity
CVE-2011-4669

SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.

Published: December 02, 2011; 11:55:00 AM -05:00
V2: 7.5 HIGH
CVE-2011-4646

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.

Published: November 30, 2011; 02:55:00 PM -05:00
V2: 6.0 MEDIUM
CVE-2011-4568

Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.

Published: November 29, 2011; 06:55:05 AM -05:00
V2: 4.3 MEDIUM
CVE-2011-4562

Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.

Published: November 28, 2011; 04:55:08 PM -05:00
V2: 4.3 MEDIUM
CVE-2011-3364

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

Published: November 04, 2011; 05:55:03 PM -04:00
V2: 6.9 MEDIUM
CVE-2010-4875

Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.

Published: October 07, 2011; 06:55:07 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3981

PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

Published: October 04, 2011; 06:55:12 AM -04:00
V2: 7.5 HIGH
CVE-2011-3865

Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3864

Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3863

Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3862

Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3861

Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3860

Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3859

Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3858

Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3857

Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3856

Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 06:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3855

Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 06:55:03 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3854

Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 06:55:03 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3853

Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

Published: September 28, 2011; 06:55:03 AM -04:00
V2: 4.3 MEDIUM