Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,408 matching records.
Displaying matches 2,941 through 2,960.
Vuln ID Summary CVSS Severity
CVE-2012-5177

Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 19, 2012; 6:55:55 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6313

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.

Published: December 11, 2012; 7:18:37 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-6312

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

Published: December 11, 2012; 7:18:37 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-5568

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Published: November 30, 2012; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-6051

Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5373

Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5372

Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5371

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5370

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.

Published: November 28, 2012; 8:03:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-0433

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

Published: November 19, 2012; 7:10:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-5913

Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

Published: November 17, 2012; 4:55:06 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-5856

Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: November 17, 2012; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5226

Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.

Published: October 25, 2012; 1:55:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-5225

Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Published: October 25, 2012; 1:55:05 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5224

SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: October 25, 2012; 1:55:05 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-5216

SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.

Published: October 25, 2012; 1:55:03 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-5388

Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.

Published: October 24, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-5387

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

Published: October 24, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-5212

SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.

Published: October 22, 2012; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-5211

Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452.

Published: October 22, 2012; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM