Vulnerabilities (CVE)

Vendor filter

Wordpress Subscribe

Filter

347 total CVE
CVE Vendors Products Updated CVSS
CVE-2008-0617 2 Wordpress, Daniel M. Schurter 2 Dmsguestbook, Wordpress 2018-10-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter...
CVE-2008-0616 2 Wordpress, Dmsguestbook 2 Dmsguestbook, Wordpress 2018-10-15 6.5
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue...
CVE-2008-0615 2 Wordpress, Dmsguestbook 2 Dmsguestbook, Wordpress 2018-10-15 4.0
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.
CVE-2008-0508 1 Wordpress 1 Permalinks Migration Plugin 2018-10-15 6.8
Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration...
CVE-2008-0206 1 Wordpress 1 Captcha 2018-10-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars,...
CVE-2008-0205 1 Wordpress 1 Math Comment Spam Protection Plugin 2018-10-15 4.3
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1)...
CVE-2008-0204 1 Wordpress 1 Math Comment Spam Protection Plugin 2018-10-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1)...
CVE-2008-0203 1 Wordpress 1 Cryptographp 2018-10-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3)...
CVE-2008-0198 1 Wordpress 1 Wordpress 2018-10-15 4.3
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1)...
CVE-2008-0197 1 Wordpress 1 Wp-contactform 2018-10-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email,...
CVE-2008-0196 1 Wordpress 1 Wordpress 2018-10-15 5.0
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to...
CVE-2008-0195 1 Wordpress 1 Wordpress 2018-10-15 5.0
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
CVE-2008-0194 1 Wordpress 1 Wordpress 2018-10-15 7.5
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a...
CVE-2008-0193 1 Wordpress 1 Wordpress 2018-10-15 4.3
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action...
CVE-2008-0192 1 Wordpress 1 Wordpress 2018-10-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.
CVE-2008-0191 1 Wordpress 1 Wordpress 2018-10-15 5.0
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.
CVE-2007-6318 1 Wordpress 1 Wordpress 2018-10-15 6.8
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set...
CVE-2007-6013 1 Wordpress 1 Wordpress 2018-10-15 6.8
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
CVE-2007-5710 1 Wordpress 1 Wordpress 2018-10-15 2.6
Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.
CVE-2007-5106 1 Wordpress 1 Wordpress 2018-10-15 4.3
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.