Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,077 matching records.
Displaying matches 2,621 through 2,640.
Vuln ID Summary CVSS Severity
CVE-2012-5856

Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: November 17, 2012; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5226

Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.

Published: October 25, 2012; 1:55:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-5225

Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Published: October 25, 2012; 1:55:05 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5224

SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: October 25, 2012; 1:55:05 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-5216

SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.

Published: October 25, 2012; 1:55:03 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-5388

Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.

Published: October 24, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-5387

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

Published: October 24, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-5212

SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.

Published: October 22, 2012; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-5211

Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452.

Published: October 22, 2012; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-5350

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.

Published: October 09, 2012; 11:55:01 AM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2012-5349

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.

Published: October 09, 2012; 11:55:01 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2012-5346

Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information.

Published: October 09, 2012; 11:55:01 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-5328

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.

Published: October 08, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2012-5327

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.

Published: October 08, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2012-5325

Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.

Published: October 08, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-5208

Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php.

Published: October 08, 2012; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4342

PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

Published: October 08, 2012; 2:55:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-5318

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.

Published: October 08, 2012; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-5310

SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: October 08, 2012; 1:55:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-1125

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.

Published: October 08, 2012; 1:55:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM