Filtered by vendor Wordpress Subscriptions
Total 640 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-5051 2 Wordpress, Wpsymposium 2 Wordpress, Wp Symposium 2024-11-21 N/A
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
CVE-2011-4957 1 Wordpress 1 Wordpress 2024-11-21 N/A
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
CVE-2011-4956 1 Wordpress 1 Wordpress 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4926 2 Bueltge, Wordpress 2 Adminimize, Wordpress 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2011-4899 1 Wordpress 1 Wordpress 2024-11-21 N/A
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments
CVE-2011-4898 1 Wordpress 1 Wordpress 2024-11-21 N/A
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective
CVE-2011-4803 2 Bravenewcode, Wordpress 2 Wptouch, Wordpress 2024-11-21 N/A
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-4673 2 Automattic, Wordpress 2 Jetpack, Wordpress 2024-11-21 N/A
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-4671 2 Adrotateplugin, Wordpress 2 Adrotate, Wordpress 2024-11-21 N/A
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
CVE-2011-4669 1 Wordpress 2 Wordpress, Wordpress-users 2024-11-21 N/A
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.
CVE-2011-4646 2 Lesterchan, Wordpress 2 Wp-postratings, Wordpress 2024-11-21 N/A
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
CVE-2011-4618 2 Simplerealtytheme, Wordpress 2 Advanced Text Widget Plugin, Wordpress 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2011-4568 2 Foliovision, Wordpress 2 Fv Wordpress Flowplayer Plugin, Wordpress 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2011-4562 2 John Godley, Wordpress 2 Redirection Plugin, Wordpress 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
CVE-2011-4342 2 Backwpup, Wordpress 2 Backwpup, Wordpress 2024-11-21 N/A
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
CVE-2011-3981 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2024-11-21 N/A
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2011-3865 2 Ulyssesonline, Wordpress 2 Black-letterhead, Wordpress 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3864 2 Somadesign, Wordpress 2 The Erudite, Wordpress 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3863 2 Post-scriptum, Wordpress 2 Redline, Wordpress 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3862 2 Adazing, Wordpress 2 Morning Coffee, Wordpress 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.