U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 4,132 matching records.
Displaying matches 3,801 through 3,820.
Vuln ID Summary CVSS Severity
CVE-2011-3859

Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3858

Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3857

Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3856

Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3855

Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 6:55:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3854

Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 6:55:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3853

Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

Published: September 28, 2011; 6:55:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3852

Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 6:55:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3851

Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

Published: September 28, 2011; 6:55:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3850

Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: September 28, 2011; 6:55:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3818

WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.

Published: September 23, 2011; 8:55:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-4839

SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.

Published: September 13, 2011; 10:56:38 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-2700

Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.

Published: September 06, 2011; 11:55:07 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-4825

Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Published: August 24, 2011; 6:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3130

wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.

Published: August 10, 2011; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3129

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.

Published: August 10, 2011; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3128

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.

Published: August 10, 2011; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Published: August 10, 2011; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2011-3126

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.

Published: August 10, 2011; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3125

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."

Published: August 10, 2011; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH