Vulnerabilities (CVE)

Vendor filter

Wordpress Subscribe

Filter

28 total CVE
CVE Vendors Products Updated CVSS
CVE-2014-5240 2 Wordpress, Debian 2 Debian Linux, Wordpress 2015-11-25 2.1
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via...
CVE-2010-5297 1 Wordpress 1 Wordpress 2014-01-21 2.1
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in...
CVE-2013-4340 1 Wordpress 1 Wordpress 2013-10-02 3.5
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.
CVE-2013-5739 1 Wordpress 1 Wordpress 2013-09-27 3.5
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the...
CVE-2012-5868 1 Wordpress 1 Wordpress 2013-01-08 2.6
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
CVE-2012-0287 1 Wordpress 1 Wordpress 2012-10-12 2.6
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not...
CVE-2012-3383 1 Wordpress 1 Wordpress 2012-09-18 2.6
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended...
CVE-2012-4422 1 Wordpress 1 Wordpress 2012-09-17 3.5
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated...