Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,032 matching records.
Displaying matches 2,681 through 2,700.
Vuln ID Summary CVSS Severity
CVE-2012-0287

Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature.

Published: January 05, 2012; 11:01:26 PM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2011-5051

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.

Published: January 04, 2012; 2:55:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3841

Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.

Published: December 27, 2011; 6:55:07 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4203

CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.

Published: December 22, 2011; 10:29:20 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4803

SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: December 13, 2011; 7:55:04 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-4673

SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: December 02, 2011; 1:55:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-4671

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

Published: December 02, 2011; 1:55:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-4669

SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.

Published: December 02, 2011; 11:55:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-4646

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.

Published: November 30, 2011; 2:55:00 PM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2011-4568

Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.

Published: November 29, 2011; 6:55:05 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4562

Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.

Published: November 28, 2011; 4:55:08 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3364

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

Published: November 04, 2011; 5:55:03 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-4875

Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.

Published: October 07, 2011; 6:55:07 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3981

PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

Published: October 04, 2011; 6:55:12 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3865

Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3864

Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3863

Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3862

Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3861

Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3860

Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM