Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,410 matching records.
Displaying matches 2,801 through 2,820.
Vuln ID Summary CVSS Severity
CVE-2013-1759

Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field.

Published: March 14, 2014; 10:55:04 AM -0400
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2013-1758

Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.

Published: March 14, 2014; 10:55:04 AM -0400
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2014-2265

Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.

Published: March 14, 2014; 6:55:06 AM -0400
V3.x: (not available)
V2.0: 5.0 MEDIUM
CVE-2013-1636

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

Published: March 12, 2014; 10:55:26 AM -0400
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2014-2316

SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information.

Published: March 09, 2014; 9:16:57 AM -0400
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2014-2315

Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php.

Published: March 09, 2014; 9:16:57 AM -0400
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2014-1907

Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.

Published: March 06, 2014; 10:55:28 AM -0500
V3.x: (not available)
V2.0: 6.4 MEDIUM
CVE-2014-1906

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.

Published: March 06, 2014; 10:55:28 AM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2013-3478

SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php.

Published: March 05, 2014; 11:37:40 AM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2014-2040

Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.

Published: March 03, 2014; 1:55:03 PM -0500
V3.x: (not available)
V2.0: 2.1 LOW
CVE-2014-1840

Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.

Published: March 03, 2014; 11:55:04 AM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2013-3487

Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.

Published: March 03, 2014; 11:55:03 AM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2013-1409

Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.

Published: March 03, 2014; 11:55:03 AM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2014-1888

Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889.

Published: February 28, 2014; 7:01:09 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2014-1854

SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.

Published: February 27, 2014; 10:55:15 AM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2013-7319

Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.

Published: February 06, 2014; 11:10:59 AM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2013-2074

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

Published: February 05, 2014; 2:55:28 PM -0500
V3.x: (not available)
V2.0: 5.0 MEDIUM
CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

Published: February 05, 2014; 2:55:28 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2013-1852

SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.

Published: February 05, 2014; 10:10:04 AM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2012-6635

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.

Published: January 20, 2014; 8:55:03 PM -0500
V3.x: (not available)
V2.0: 4.0 MEDIUM