U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 4,164 matching records.
Displaying matches 3,541 through 3,560.
Vuln ID Summary CVSS Severity
CVE-2013-2693

Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified vectors.

Published: April 10, 2014; 4:29:20 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-4921

Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks.

Published: April 10, 2014; 4:29:18 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-0166

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.

Published: April 09, 2014; 8:55:09 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2014-0165

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.

Published: April 09, 2014; 8:55:06 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-1834

Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.

Published: April 07, 2014; 11:55:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-2287

Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.

Published: April 04, 2014; 10:55:11 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4920

Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.

Published: April 04, 2014; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-2340

Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.

Published: April 03, 2014; 12:15:44 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0735

Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.

Published: April 02, 2014; 2:55:21 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-4240

Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.

Published: April 02, 2014; 12:05:50 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2695

Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter.

Published: March 28, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-2694

Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter.

Published: March 28, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-0734

Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.

Published: March 28, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1408

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Published: March 24, 2014; 12:43:02 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2013-1759

Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field.

Published: March 14, 2014; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1758

Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.

Published: March 14, 2014; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-2265

Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.

Published: March 14, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-1636

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

Published: March 12, 2014; 10:55:26 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-2316

SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information.

Published: March 09, 2014; 9:16:57 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-2315

Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php.

Published: March 09, 2014; 9:16:57 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM