Filtered by vendor Wordpress
Subscriptions
Total
637 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-4271 | 2 Mark Jaquith, Wordpress | 2 Bad Behavior, Wordpress | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter. | ||||
CVE-2012-4273 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. | ||||
CVE-2012-4263 | 2 Bit51, Wordpress | 2 Better-wp-security, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. | ||||
CVE-2012-4268 | 2 Ait-pro, Wordpress | 2 Bulletproof-security, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header. | ||||
CVE-2012-4242 | 2 Mf Gig Calendar Project, Wordpress | 2 Mf Gig Calendar, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. | ||||
CVE-2012-4033 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2024-08-06 | N/A |
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. | ||||
CVE-2012-1936 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by sniffing the network, as demonstrated by attacks against the wp-admin/admin-ajax.php and wp-admin/user-new.php scripts. NOTE: the vendor reportedly disputes the significance of this issue because wp_create_nonce operates as intended, even if it is arguably inconsistent with certain CSRF protection details advocated by external organizations | ||||
CVE-2012-3578 | 1 Wordpress | 2 Fcchat Widget, Wordpress | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images. | ||||
CVE-2012-3574 | 2 Tbelmans, Wordpress | 2 Mm Forms Community, Wordpress | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp. | ||||
CVE-2012-3576 | 2 Jquindlen, Wordpress | 2 Wpstorecart, Wordpress | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. | ||||
CVE-2012-3588 | 1 Wordpress | 2 Plugin Newsletter Plugin, Wordpress | 2024-08-06 | N/A |
Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter. | ||||
CVE-2012-3577 | 2 Nmedia, Wordpress | 2 Member Conversation, Wordpress | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads. | ||||
CVE-2012-3575 | 2 Rbx Gallery, Wordpress | 2 Rbx Gallery, Wordpress | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. | ||||
CVE-2012-3384 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2012-3414 | 3 Swfupload Project, Tinymce, Wordpress | 3 Swfupload, Image Manager, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function. | ||||
CVE-2012-3383 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. | ||||
CVE-2012-3385 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. | ||||
CVE-2012-2913 | 2 Mapsmarker, Wordpress | 2 Leaflet Maps Marker Plugin, Wordpress | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php. | ||||
CVE-2012-2912 | 2 Kolja Schleich, Wordpress | 2 Leaguemanager, Wordpress | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php. | ||||
CVE-2012-2916 | 2 Dlo, Wordpress | 2 Simple Anti Bot Registration Engine Plugin, Wordpress | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php. |