Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,328 matching records.
Displaying matches 2,661 through 2,680.
Vuln ID Summary CVSS Severity
CVE-2014-4155

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.

Published: June 19, 2014; 10:55:08 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-2572

Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.

Published: June 19, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4163

Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.

Published: June 16, 2014; 2:55:09 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-3850

Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.

Published: June 11, 2014; 10:55:08 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-4017

Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.

Published: June 10, 2014; 10:55:10 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-3961

SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.

Published: June 04, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-2053

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Published: June 04, 2014; 10:55:03 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3937

SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: June 02, 2014; 11:55:11 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-3476

Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors.

Published: June 02, 2014; 11:55:10 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-3258

Cross-site request forgery (CSRF) vulnerability in the Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.

Published: June 02, 2014; 11:55:10 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-3257

Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.

Published: June 02, 2014; 11:55:10 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2710

Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.

Published: June 02, 2014; 11:55:10 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-3923

Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/.

Published: May 30, 2014; 10:55:09 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-3921

Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter.

Published: May 30, 2014; 10:55:09 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4915

Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.

Published: May 29, 2014; 10:19:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-3477

Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors.

Published: May 27, 2014; 10:55:10 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2698

Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.

Published: May 27, 2014; 10:55:10 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0724

PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter.

Published: May 27, 2014; 10:55:03 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3870

Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php.

Published: May 27, 2014; 9:55:06 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-3849

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.

Published: May 23, 2014; 10:55:12 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM