Vulnerabilities (CVE)

298 total CVE
CVE Vendors Products Updated CVSS
CVE-2007-3239 1 Wordpress 1 Wordpress 2018-10-16 4.3
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be...
CVE-2007-3238 1 Wordpress 1 Wordpress 2018-10-16 6.0
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different...
CVE-2007-2821 1 Wordpress 1 Wordpress 2018-10-16 7.5
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
CVE-2007-2627 1 Wordpress 1 Wordpress 2018-10-16 6.8
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability...
CVE-2007-1894 1 Wordpress 1 Wordpress 2018-10-16 4.3
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
CVE-2007-1599 1 Wordpress 1 Wordpress 2018-10-16 6.5
wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.
CVE-2007-1409 1 Wordpress 1 Wordpress 2018-10-16 5.0
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
CVE-2007-1277 1 Wordpress 1 Wordpress 2018-10-16 7.5
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in...
CVE-2007-1244 1 Wordpress 1 Wordpress 2018-10-16 6.8
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this...
CVE-2007-0541 1 Wordpress 1 Wordpress 2018-10-16 5.0
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes...
CVE-2007-0540 1 Wordpress 1 Wordpress 2018-10-16 5.0
WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain...
CVE-2007-0539 1 Wordpress 1 Wordpress 2018-10-16 7.8
The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long...
CVE-2007-0262 1 Wordpress 1 Wordpress 2018-10-16 7.8
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the...
CVE-2007-0109 1 Wordpress 1 Wordpress 2018-10-16 5.0
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
CVE-2007-0107 1 Wordpress 1 Wordpress 2018-10-16 6.8
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte...
CVE-2007-0106 1 Wordpress 1 Wordpress 2018-10-16 6.8
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL...
CVE-2008-0617 2 Wordpress, Daniel M. Schurter 2 Dmsguestbook, Wordpress 2018-10-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter...
CVE-2008-0616 2 Wordpress, Dmsguestbook 2 Dmsguestbook, Wordpress 2018-10-15 6.5
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue...
CVE-2008-0615 2 Wordpress, Dmsguestbook 2 Dmsguestbook, Wordpress 2018-10-15 4.0
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.
CVE-2008-0198 1 Wordpress 1 Wordpress 2018-10-15 4.3
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1)...