U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:wordpress:wordpress:3.2:-:*:*:*:*:*:*
  • CPE Name Search: true
There are 278 matching records.
Displaying matches 261 through 278.
Vuln ID Summary CVSS Severity
CVE-2008-6811

Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.

Published: May 18, 2009; 8:00:01 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-0968

SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.

Published: March 19, 2009; 6:30:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-5752

Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.

Published: December 30, 2008; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-4734

Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidden_form_input parameter.

Published: October 24, 2008; 6:30:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4733

Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters.

Published: October 24, 2008; 6:30:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-4732

SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.

Published: October 24, 2008; 6:30:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4625

SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.

Published: October 20, 2008; 9:18:02 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-1982

SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.

Published: April 27, 2008; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-0615

Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.

Published: February 06, 2008; 7:00:00 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2008-0616

SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.

Published: February 06, 2008; 7:00:00 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2008-0617

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea.

Published: February 06, 2008; 7:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-0618

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: February 06, 2008; 7:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-0491

SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.

Published: January 30, 2008; 5:00:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-6677

Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.

Published: January 09, 2008; 7:46:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-0198

Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.

Published: January 09, 2008; 7:46:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-5800

Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.

Published: November 02, 2007; 8:46:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-4165

Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: August 07, 2007; 6:17:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-2627

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.

Published: May 11, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM