Vulnerabilities (CVE)

Vendor filter: Wordpress

347 total CVE
CVE Vendors Products Updated CVSS
CVE-2007-3240 1 Wordpress 1 Wordpress 2018-10-16 4.3
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP...
CVE-2007-3239 1 Wordpress 1 Wordpress 2018-10-16 4.3
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be...
CVE-2007-3238 1 Wordpress 1 Wordpress 2018-10-16 6.0
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different...
CVE-2007-2821 1 Wordpress 1 Wordpress 2018-10-16 7.5
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
CVE-2007-2627 1 Wordpress 1 Wordpress 2018-10-16 6.8
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability...
CVE-2007-1894 1 Wordpress 1 Wordpress 2018-10-16 4.3
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
CVE-2007-1599 1 Wordpress 1 Wordpress 2018-10-16 6.5
wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.
CVE-2007-1409 1 Wordpress 1 Wordpress 2018-10-16 5.0
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
CVE-2007-1277 1 Wordpress 1 Wordpress 2018-10-16 7.5
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in...
CVE-2007-1244 1 Wordpress 1 Wordpress 2018-10-16 6.8
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this...
CVE-2007-0541 1 Wordpress 1 Wordpress 2018-10-16 5.0
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes...
CVE-2007-0540 1 Wordpress 1 Wordpress 2018-10-16 5.0
WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain...
CVE-2007-0539 1 Wordpress 1 Wordpress 2018-10-16 7.8
The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long...
CVE-2007-0262 1 Wordpress 1 Wordpress 2018-10-16 7.8
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the...
CVE-2007-0109 1 Wordpress 1 Wordpress 2018-10-16 5.0
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
CVE-2007-0107 1 Wordpress 1 Wordpress 2018-10-16 6.8
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte...
CVE-2007-0106 1 Wordpress 1 Wordpress 2018-10-16 6.8
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL...
CVE-2008-0845 1 Wordpress 1 Dean Logan Wp-people Plugin 2018-10-15 7.5
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
CVE-2008-0837 2 Wordpress, John Godley 2 Search Unleashed Plugin, Search Unleashed 2018-10-15 4.3
Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the...
CVE-2008-0691 2 Wordpress, Simon Elvery 2 Wp-footnotes, Wp-footnotes 2018-10-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority],...