Vulnerabilities (CVE)

298 total CVE
| CVE | Vendors | Products | Updated | CVSS | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-4898 | 1 Wordpress | 1 Wordpress | 2012-01-31 | 5.0 | ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it... |
| CVE-2012-0937 | 1 Wordpress | 1 Wordpress | 2012-01-31 | 5.0 | ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy... |
| CVE-2006-4028 | 1 Wordpress | 1 Wordpress | 2011-09-01 | 10.0 | Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is... |
| CVE-2008-0664 | 1 Wordpress | 1 Wordpress | 2011-03-08 | 6.4 | The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. |
| CVE-2007-1622 | 1 Wordpress | 1 Wordpress | 2011-03-08 | 4.3 | Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO... |
| CVE-2007-1230 | 1 Wordpress | 1 Wordpress | 2011-03-08 | 5.8 | Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different... |
| CVE-2007-1049 | 1 Wordpress | 1 Wordpress | 2011-03-08 | 4.3 | Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or... |
| CVE-2006-5705 | 1 Wordpress | 1 Wordpress | 2011-03-08 | 6.0 | Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment... |
| CVE-2010-0682 | 1 Wordpress | 1 Wordpress | 2011-01-19 | 4.0 | WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. |
| CVE-2007-6677 | 2 Peters Software, Wordpress | 2 Random Anti-spam Image, Wordpress | 2008-11-15 | 4.3 | Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form. |
| CVE-2007-3543 | 1 Wordpress | 2 Wordpress Mu, Wordpress | 2008-11-15 | 6.0 | Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file... |
| CVE-2008-3233 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.3 | Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-0618 | 2 Wordpress, Daniel M. Schurter | 2 Dmsguestbook, Wordpress | 2008-09-05 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to... |
| CVE-2006-6017 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.0 | WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1)... |
| CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.0 | wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. |
| CVE-2006-1796 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 6.8 | Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet... |
| CVE-2006-1263 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.3 | Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2005-2612 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 7.5 | Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. |