Search Results (13661 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1186 2 Alex Rabe, Wordpress 2 Nextgen Gallery, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CVE-2010-5294 1 Wordpress 1 Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.
CVE-2012-2109 2 Buddypress, Wordpress 2 Buddypress, Wordpress 2025-04-11 N/A
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
CVE-2012-5327 2 Cartpauj, Wordpress 2 Mingle-forum, Wordpress 2025-04-11 N/A
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
CVE-2011-5104 2 Getshopped, Wordpress 2 Wp E-commerce, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-4779 2 Bravenewcode, Wordpress 2 Wptouch, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information.
CVE-2011-5216 2 Troyef, Wordpress 2 Scorm Cloud, Wordpress 2025-04-11 N/A
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-5257 2 Appthemes, Wordpress 2 Classipress, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
CVE-2011-5208 2 Backwpup, Wordpress 2 Backwpup, Wordpress 2025-04-11 N/A
Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php.
CVE-2010-4747 2 Ahmattox, Wordpress 2 Processing Embed Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
CVE-2011-5194 2 Phpace, Wordpress 2 Samswhois, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.
CVE-2012-5318 2 Kishore Asokan, Wordpress 2 Kish Guest Posting Plugin, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
CVE-2011-5191 2 Blairwilliams, Wordpress 2 Pretty Link Lite Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.
CVE-2012-5310 2 Getshopped, Wordpress 2 Wp E-commerce, Wordpress 2025-04-11 N/A
SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-4956 1 Wordpress 1 Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2371 2 Mnt-tech, Wordpress 2 Wp-facethumb, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
CVE-2011-5182 1 Wordpress 2 Lanoba Social Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf.
CVE-2012-2399 1 Wordpress 1 Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
CVE-2012-2401 2 Moxiecode, Wordpress 2 Plupload, Wordpress 2025-04-11 N/A
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
CVE-2011-5181 2 Clickdesk, Wordpress 2 Clickdesk Live Support-live Chat Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information.