Export limit exceeded: 357809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12851 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2109 | 2 Buddypress, Wordpress | 2 Buddypress, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action. | ||||
| CVE-2011-1669 | 2 Mikoviny, Wordpress | 2 Wp Custom Pages, Wordpress | 2025-04-11 | N/A |
| Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. | ||||
| CVE-2012-2917 | 2 Andrew Killen, Wordpress | 2 Share And Follow, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php. | ||||
| CVE-2012-2912 | 2 Kolja Schleich, Wordpress | 2 Leaguemanager, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php. | ||||
| CVE-2011-3127 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | ||||
| CVE-2012-3576 | 2 Jquindlen, Wordpress | 2 Wpstorecart, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. | ||||
| CVE-2012-4271 | 2 Mark Jaquith, Wordpress | 2 Bad Behavior, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter. | ||||
| CVE-2012-4273 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. | ||||
| CVE-2012-6635 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft. | ||||
| CVE-2012-4421 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature. | ||||
| CVE-2012-6634 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. | ||||
| CVE-2013-4944 | 2 Fusedpress, Wordpress | 2 Buddypress-extended-frienship-request, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-5270 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. | ||||
| CVE-2011-5207 | 2 Thecartpress, Wordpress | 2 Thecartpress, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. | ||||
| CVE-2013-7240 | 2 Westerndeal, Wordpress | 2 Advanced Dewplayer, Wordpress | 2025-04-11 | N/A |
| Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. | ||||
| CVE-2013-2501 | 2 Terillion, Wordpress | 2 Terillion Reviews Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. | ||||
| CVE-2013-6992 | 2 Askapache, Wordpress | 2 Firefox Adsense, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php. | ||||
| CVE-2013-3261 | 2 Photogallerycreator, Wordpress | 2 Flash-album-gallery, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action. | ||||
| CVE-2011-3853 | 2 Themehybrid, Wordpress | 2 Hybrid, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | ||||
| CVE-2011-5106 | 2 Fractalia, Wordpress | 2 Flexible Custom Post Type, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||