Search Results (14054 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2696 2 Crunchify, Wordpress 2 All-in-on-webmaster, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2012-2913 2 Mapsmarker, Wordpress 2 Leaflet Maps Marker Plugin, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
CVE-2012-2916 2 Dlo, Wordpress 2 Simple Anti Bot Registration Engine Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.
CVE-2012-2917 2 Andrew Killen, Wordpress 2 Share And Follow, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php.
CVE-2012-1835 2 Timely, Wordpress 2 All-in-one Event Calendar, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
CVE-2012-2920 2 User Photo, Wordpress 2 User Photo, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4536 1 Wordpress 1 Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
CVE-2012-1067 2 Mg12, Wordpress 2 Wp-recentcomments, Wordpress 2025-04-11 N/A
SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4283 2 Netweblogic, Wordpress 2 Login With Ajax, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2011-5264 2 Marcel Brinkkemper, Wordpress 2 Lazyest-backup, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter.
CVE-2012-4273 2 Ppfeufer, Wordpress 2 2-click-social-media-buttons, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
CVE-2013-3530 2 Fabricio Zuardi, Wordpress 2 Xspf Player Plugin, Wordpress 2025-04-11 N/A
SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
CVE-2012-5469 2 Phpmyadmin, Wordpress 2 Phpmyadmin, Wordpress 2025-04-11 N/A
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
CVE-2011-5257 2 Appthemes, Wordpress 2 Classipress, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
CVE-2011-4342 2 Backwpup, Wordpress 2 Backwpup, Wordpress 2025-04-11 N/A
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
CVE-2011-5192 2 Blairwilliams, Wordpress 2 Pretty Link Lite Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191.
CVE-2010-4747 2 Ahmattox, Wordpress 2 Processing Embed Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
CVE-2011-4956 1 Wordpress 1 Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-5225 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2011-5224 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2025-04-11 N/A
SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.