U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:wordpress:wordpress:4.2.19:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 225 matching records.
Displaying matches 221 through 225.
Vuln ID Summary CVSS Severity
CVE-2008-4732

SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.

Published: October 24, 2008; 6:30:00 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2008-4625

SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.

Published: October 20, 2008; 9:18:02 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2008-1982

SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.

Published: April 27, 2008; 4:05:00 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2007-5800

Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.

Published: November 02, 2007; 8:46:00 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 6.8 MEDIUM
CVE-2007-2627

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.

Published: May 11, 2007; 1:19:00 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 6.8 MEDIUM