Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,077 matching records.
Displaying matches 2,601 through 2,620.
Vuln ID Summary CVSS Severity
CVE-2012-6511

Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php.

Published: January 23, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6506

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.

Published: January 23, 2013; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4618

Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Published: January 23, 2013; 8:55:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6499

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.

Published: January 11, 2013; 11:33:49 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2011-5254

Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors.

Published: January 11, 2013; 11:33:49 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-0721

wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

Published: January 02, 2013; 6:46:23 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5868

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

Published: December 27, 2012; 6:47:01 AM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2012-5469

The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.

Published: December 20, 2012; 7:02:18 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-5178

Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase.

Published: December 19, 2012; 6:55:55 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-5177

Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 19, 2012; 6:55:55 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6313

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.

Published: December 11, 2012; 7:18:37 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-6312

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

Published: December 11, 2012; 7:18:37 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-5568

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Published: November 30, 2012; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-6051

Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5373

Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5372

Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5371

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5370

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-0433

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

Published: November 19, 2012; 7:10:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-5913

Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

Published: November 17, 2012; 4:55:06 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM