Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,077 matching records.
Displaying matches 2,641 through 2,660.
Vuln ID Summary CVSS Severity
CVE-2011-5207

Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.

Published: October 04, 2012; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4242

Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.

Published: October 01, 2012; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-5229

Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter.

Published: October 01, 2012; 4:55:04 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4448

Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.

Published: September 28, 2012; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-5194

Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.

Published: September 23, 2012; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5193

Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.

Published: September 23, 2012; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2011-5192

Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191.

Published: September 23, 2012; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5191

Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.

Published: September 23, 2012; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5182

** DISPUTED ** Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf."

Published: September 20, 2012; 6:55:26 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5181

Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information.

Published: September 20, 2012; 6:55:26 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5180

Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party.

Published: September 20, 2012; 6:55:25 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5179

Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

Published: September 20, 2012; 6:55:23 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4422

wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.

Published: September 14, 2012; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-4421

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.

Published: September 14, 2012; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-5106

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

Published: September 14, 2012; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2012-4874

Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads."

Published: September 06, 2012; 5:55:03 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-5225

Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local users to gain privileges via a Trojan horse BESExtension.dll file in the current working directory, as demonstrated by a directory that contains a .bgl file. NOTE: some of these details are obtained from third party information.

Published: September 06, 2012; 6:41:56 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2012-2109

SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.

Published: September 04, 2012; 4:55:02 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-5128

Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926.

Published: August 29, 2012; 12:39:40 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4926

Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Published: August 29, 2012; 12:39:40 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM