Filtered by vendor Wordpress
Subscriptions
Total
10743 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4732 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2025-04-09 | N/A |
| SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||
| CVE-2008-0205 | 1 Wordpress | 1 Math Comment Spam Protection Plugin | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. | ||||
| CVE-2009-2852 | 2 Ryan.mcgeary, Wordpress | 2 Wp-syntax, Wordpress | 2025-04-09 | N/A |
| WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. | ||||
| CVE-2008-0222 | 1 Wordpress | 1 Filemanager | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2008-6811 | 2 Instinct, Wordpress | 2 E-commerce Plugin, Wordpress | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/. | ||||
| CVE-2008-4671 | 1 Wordpress | 1 Wordpress Mu | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters. | ||||
| CVE-2009-2122 | 2 Paolo Palmonari, Wordpress | 2 Photoracer Plugin For Wordpress, Wordpress | 2025-04-09 | N/A |
| SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-0195 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. | ||||
| CVE-2007-1599 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | ||||
| CVE-2008-1060 | 1 Wordpress | 1 Sniplets Plugin | 2025-04-09 | N/A |
| Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter. | ||||
| CVE-2007-3241 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. | ||||
| CVE-2008-0206 | 1 Wordpress | 1 Captcha | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter. | ||||
| CVE-2009-0968 | 2 Fahlstad, Wordpress | 2 Fmoblog Plugin, Wordpress | 2025-04-09 | N/A |
| SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6017 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.5 Medium |
| WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | ||||
| CVE-2008-1646 | 2 Arnos Toolbox, Wordpress | 2 Wp-download, Wp Download | 2025-04-09 | N/A |
| SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | ||||
| CVE-2007-5105 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. | ||||
| CVE-2008-7216 | 1 Wordpress | 1 Peter\'s Math Anti-spam For Wordpress | 2025-04-09 | N/A |
| Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip. | ||||
| CVE-2008-4616 | 2 The Spanner, Wordpress | 2 Spambam Plugin, Spambam Plugin | 2025-04-09 | N/A |
| The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key. | ||||
| CVE-2009-2143 | 2 Firestats, Wordpress | 2 Firestats, Wordpress | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | ||||
| CVE-2008-0388 | 1 Wordpress | 1 Wp Forum | 2025-04-09 | N/A |
| SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI. | ||||