Vulnerabilities (CVE)

Vendor filter: Wordpress

347 total CVE
CVE Vendors Products Updated CVSS
CVE-2012-4421 1 Wordpress 1 Wordpress 2012-09-17 4.0
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the...
CVE-2012-4422 1 Wordpress 1 Wordpress 2012-09-17 3.5
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated...
CVE-2012-3384 1 Wordpress 1 Wordpress 2012-08-09 6.8
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-3385 1 Wordpress 1 Wordpress 2012-07-23 5.0
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
CVE-2011-4957 1 Wordpress 1 Wordpress 2012-06-28 5.0
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a...
CVE-2011-4956 1 Wordpress 1 Wordpress 2012-06-28 4.3
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-3818 1 Wordpress 1 Wordpress 2012-05-21 5.0
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.
CVE-2012-0782 1 Wordpress 1 Wordpress 2012-01-31 4.3
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2)...
CVE-2011-4899 1 Wordpress 1 Wordpress 2012-01-31 7.5
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via...
CVE-2012-0937 1 Wordpress 1 Wordpress 2012-01-31 5.0
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy...
CVE-2011-4898 1 Wordpress 1 Wordpress 2012-01-31 5.0
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it...
CVE-2006-4028 1 Wordpress 1 Wordpress 2011-09-01 10.0
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is...
CVE-2008-0664 1 Wordpress 1 Wordpress 2011-03-08 6.4
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
CVE-2007-1622 1 Wordpress 1 Wordpress 2011-03-08 4.3
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2007-1230 1 Wordpress 1 Wordpress 2011-03-08 5.8
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different...
CVE-2007-1049 1 Wordpress 1 Wordpress 2011-03-08 4.3
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or...
CVE-2006-5705 1 Wordpress 1 Wordpress 2011-03-08 6.0
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment...
CVE-2010-0682 1 Wordpress 1 Wordpress 2011-01-19 4.0
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
CVE-2007-6677 2 Peters Software, Wordpress 2 Random Anti-spam Image, Wordpress 2008-11-15 4.3
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.
CVE-2007-3543 1 Wordpress 2 Wordpress Mu, Wordpress 2008-11-15 6.0
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file...