Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,408 matching records.
Displaying matches 2,641 through 2,660.
Vuln ID Summary CVSS Severity
CVE-2012-6651

Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

Published: July 31, 2014; 10:55:02 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3544

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.

Published: July 29, 2014; 7:10:32 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-4726

Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

Published: July 27, 2014; 2:55:05 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-4725

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

Published: July 27, 2014; 2:55:05 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-4154

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.

Published: July 16, 2014; 10:19:03 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4018

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.

Published: July 16, 2014; 10:19:03 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2014-4944

Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.

Published: July 14, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2014-4942

The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.

Published: July 11, 2014; 4:55:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4941

Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.

Published: July 11, 2014; 4:55:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4940

Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.

Published: July 11, 2014; 4:55:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4939

SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.

Published: July 11, 2014; 4:55:03 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2014-4938

SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.

Published: July 11, 2014; 4:55:03 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-4937

Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Published: July 11, 2014; 4:55:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4856

Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information.

Published: July 10, 2014; 12:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4855

Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.

Published: July 10, 2014; 12:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4854

Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php.

Published: July 10, 2014; 12:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4848

Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php.

Published: July 10, 2014; 12:55:05 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4847

Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php.

Published: July 10, 2014; 12:55:05 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4846

Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php.

Published: July 10, 2014; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4845

Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php.

Published: July 10, 2014; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM