Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,410 matching records.
Displaying matches 2,821 through 2,840.
Vuln ID Summary CVSS Severity
CVE-2012-6634

wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.

Published: January 20, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2012-6633

Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.

Published: January 20, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5270

wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.

Published: January 20, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-5297

WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.

Published: January 20, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-5296

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.

Published: January 20, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2010-5295

Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.

Published: January 20, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-5294

Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.

Published: January 20, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-5293

wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.

Published: January 20, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2012-6630

Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter to media-library-categories/add.php or (2) q parameter to media-library-categories/view.php.

Published: January 16, 2014; 4:55:44 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6629

Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: January 16, 2014; 4:55:44 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-6628

Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options.

Published: January 16, 2014; 4:55:44 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6627

Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Published: January 16, 2014; 4:55:44 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6625

SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action.

Published: January 16, 2014; 4:55:44 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-6624

Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php.

Published: January 16, 2014; 4:55:44 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6623

Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php.

Published: January 16, 2014; 4:55:44 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6622

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.

Published: January 16, 2014; 4:55:08 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0746

Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device.

Published: January 13, 2014; 4:55:04 PM -0500
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2014-1232

Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 08, 2014; 10:30:02 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-7279

Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter.

Published: January 08, 2014; 10:30:02 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-7276

Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter.

Published: January 08, 2014; 10:30:02 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM