Search Results (Refine Search)
- Keyword (text search): Wordpress
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-6512 |
The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php. Published: January 23, 2013; 8:55:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-6511 |
Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php. Published: January 23, 2013; 8:55:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-6506 |
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. Published: January 23, 2013; 8:55:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-4618 |
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. Published: January 23, 2013; 8:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-6499 |
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. Published: January 11, 2013; 11:33:49 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2011-5254 |
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors. Published: January 11, 2013; 11:33:49 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-0721 |
wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. Published: January 02, 2013; 6:46:23 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-5868 |
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. Published: December 27, 2012; 6:47:01 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.6 LOW |
CVE-2012-5469 |
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. Published: December 20, 2012; 7:02:18 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-5178 |
Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase. Published: December 19, 2012; 6:55:55 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-5177 |
Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: December 19, 2012; 6:55:55 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-6313 |
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. Published: December 11, 2012; 7:18:37 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-6312 |
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php. Published: December 11, 2012; 7:18:37 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5913 |
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. Published: November 17, 2012; 4:55:06 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5856 |
Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: November 17, 2012; 2:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-5226 |
Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. Published: October 25, 2012; 1:55:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-5225 |
Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Published: October 25, 2012; 1:55:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-5224 |
SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: October 25, 2012; 1:55:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-5216 |
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. Published: October 25, 2012; 1:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-5388 |
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. Published: October 24, 2012; 1:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |