Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): XSS Wordpress
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-2709 |
Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: April 26, 2013; 7:41:57 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-2696 |
Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: April 25, 2013; 4:55:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-2697 |
Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: April 19, 2013; 7:44:26 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-5387 |
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences. Published: October 24, 2012; 1:55:02 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-0782 |
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance Published: January 30, 2012; 12:55:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-0508 |
Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting. Published: January 31, 2008; 3:00:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-5161 |
Cross-zone scripting vulnerability in the internal browser in i-Systems Feedreader 3.10 allows remote attackers to inject arbitrary web script or HTML via an item in a feed, as demonstrated by a WordPress blog update. NOTE: this was originally reported as XSS. Published: October 01, 2007; 1:17:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-4104 |
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string. Published: July 31, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-0733 |
Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability Published: February 16, 2006; 6:02:00 AM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |