Vulnerabilities (CVE)

Vendor filter

Wordpress Subscribe

Filter

347 total CVE
CVE Vendors Products Updated CVSS
CVE-2008-3233 1 Wordpress 1 Wordpress 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-0618 2 Wordpress, Daniel M. Schurter 2 Dmsguestbook, Wordpress 2008-09-05 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to...
CVE-2006-6017 1 Wordpress 1 Wordpress 2008-09-05 4.0
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1)...
CVE-2006-6016 1 Wordpress 1 Wordpress 2008-09-05 4.0
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
CVE-2006-1796 1 Wordpress 1 Wordpress 2008-09-05 6.8
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet...
CVE-2006-1263 1 Wordpress 1 Wordpress 2008-09-05 4.3
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2005-2612 1 Wordpress 1 Wordpress 2008-09-05 7.5
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.