Export limit exceeded: 12743 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12743 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4342 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter. | ||||
| CVE-2011-5051 | 2 Wordpress, Wpsymposium | 2 Wordpress, Wp Symposium | 2025-04-11 | N/A |
| Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot. | ||||
| CVE-2012-1205 | 2 Alanft, Wordpress | 2 Relocate-upload, Wordpress | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||
| CVE-2013-7240 | 2 Westerndeal, Wordpress | 2 Advanced Dewplayer, Wordpress | 2025-04-11 | N/A |
| Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. | ||||
| CVE-2012-6499 | 2 Age Verification Project, Wordpress | 2 Age Verification, Wordpress | 2025-04-11 | N/A |
| Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. | ||||
| CVE-2013-5672 | 2 Indianic, Wordpress | 2 Testimonial Plugin, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php. | ||||
| CVE-2012-0287 | 2 Microsoft, Wordpress | 2 Internet Explorer, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. | ||||
| CVE-2013-5098 | 2 Mikejolley, Wordpress | 2 Download Monitor, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262. | ||||
| CVE-2012-4272 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest". | ||||
| CVE-2012-5177 | 2 Welcart, Wordpress | 2 Welcart Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-3125 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." | ||||
| CVE-2012-0937 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time | ||||
| CVE-2012-2403 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2012-4448 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action. | ||||
| CVE-2011-5192 | 2 Blairwilliams, Wordpress | 2 Pretty Link Lite Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191. | ||||
| CVE-2012-4273 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. | ||||
| CVE-2011-3862 | 2 Adazing, Wordpress | 2 Morning Coffee, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | ||||
| CVE-2013-3253 | 2 Wordpress, Xhanch | 2 Wordpress, My Twitter | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings. | ||||
| CVE-2012-3414 | 3 Swfupload Project, Tinymce, Wordpress | 3 Swfupload, Image Manager, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function. | ||||
| CVE-2013-3262 | 2 Mikejolley, Wordpress | 2 Download Monitor, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter. | ||||