Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,410 matching records.
Displaying matches 2,781 through 2,800.
Vuln ID Summary CVSS Severity
CVE-2014-2333

Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.

Published: April 11, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2013-2708

Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.

Published: April 11, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2706

Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.

Published: April 11, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-3252

Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.

Published: April 10, 2014; 4:29:20 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-3251

Cross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.

Published: April 10, 2014; 4:29:20 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2699

Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors.

Published: April 10, 2014; 4:29:20 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2693

Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified vectors.

Published: April 10, 2014; 4:29:20 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-4921

Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks.

Published: April 10, 2014; 4:29:18 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-0166

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.

Published: April 09, 2014; 8:55:09 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2014-0165

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.

Published: April 09, 2014; 8:55:06 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-1834

Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.

Published: April 07, 2014; 11:55:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-2287

Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.

Published: April 04, 2014; 10:55:11 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4920

Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.

Published: April 04, 2014; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-2340

Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.

Published: April 03, 2014; 12:15:44 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0735

Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.

Published: April 02, 2014; 2:55:21 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-4240

Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.

Published: April 02, 2014; 12:05:50 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2695

Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter.

Published: March 28, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-2694

Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter.

Published: March 28, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-0734

Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.

Published: March 28, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1408

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Published: March 24, 2014; 12:43:02 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM