Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
577 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-2912 | 2 Kolja Schleich, Wordpress | 2 Leaguemanager, Wordpress | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php. | ||||
CVE-2012-2916 | 2 Dlo, Wordpress | 2 Simple Anti Bot Registration Engine Plugin, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php. | ||||
CVE-2012-2917 | 2 Andrew Killen, Wordpress | 2 Share And Follow, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php. | ||||
CVE-2012-2920 | 2 User Photo, Wordpress | 2 User Photo, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2012-2759 | 2 Netweblogic, Wordpress | 2 Login With Ajax, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php. | ||||
CVE-2012-2403 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
CVE-2012-2402 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors. | ||||
CVE-2012-2404 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
CVE-2012-2399 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414. | ||||
CVE-2012-2400 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. | ||||
CVE-2012-2401 | 2 Moxiecode, Wordpress | 2 Plupload, Wordpress | 2024-08-06 | N/A |
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content. | ||||
CVE-2012-1785 | 2 Kylegilman, Wordpress | 2 Video Embed \& Thumbnail Generator, Wordpress | 2024-08-06 | N/A |
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
CVE-2012-1786 | 2 Kylegilman, Wordpress | 2 Video Embed \& Thumbnail Generator, Wordpress | 2024-08-06 | N/A |
The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors. | ||||
CVE-2012-1125 | 2 Kishore Asokan, Wordpress | 2 Kish Guest Posting Plugin, Wordpress | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | ||||
CVE-2012-1067 | 2 Mg12, Wordpress | 2 Wp-recentcomments, Wordpress | 2024-08-06 | N/A |
SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2012-1068 | 2 Mg12, Wordpress | 2 Wp-recentcomments, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging. | ||||
CVE-2012-1010 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | ||||
CVE-2012-1011 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2024-08-06 | N/A |
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | ||||
CVE-2012-0896 | 3 Count Per Day Project, Tom Braider, Wordpress | 3 Count Per Day, Count Per Day, Wordpress | 2024-08-06 | N/A |
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. | ||||
CVE-2012-0895 | 2 Tom Braider, Wordpress | 2 Count Per Day, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. |