Filtered by vendor Wordpress
Subscribe
Total
625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1059 | 1 Wordpress | 1 Sniplets Plugin | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. | |||||
| CVE-2008-1982 | 1 Wordpress | 2 Wordpress, Wpss | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||||
| CVE-2008-0191 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 5.0 MEDIUM | N/A |
| WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. | |||||
| CVE-2007-1277 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
| WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php. | |||||
| CVE-2008-2510 | 1 Wordpress | 1 Upload File Plugin | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter. | |||||
| CVE-2009-2854 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.4 MEDIUM | N/A |
| Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/. | |||||
| CVE-2008-2392 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard. | |||||
| CVE-2009-2122 | 2 Paolo Palmonari, Wordpress | 2 Photoracer Plugin For Wordpress, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2852 | 2 Ryan.mcgeary, Wordpress | 2 Wp-syntax, Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
| WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. | |||||
| CVE-2009-4424 | 2 Imotta, Wordpress | 2 Pyrmont Plugin, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4544 | 1 Wordpress | 1 Wordpress Mu | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field). | |||||
| CVE-2008-0203 | 1 Wordpress | 1 Cryptographp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php. | |||||
| CVE-2008-0507 | 1 Wordpress | 1 Adserve | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2144 | 3 Edgewall, Firestats, Wordpress | 3 Firestats, Firestats, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6811 | 2 Instinct, Wordpress | 2 E-commerce Plugin, Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/. | |||||
| CVE-2008-4733 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters. | |||||
| CVE-2007-1894 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. | |||||
| CVE-2023-22622 | 1 Wordpress | 1 Wordpress | 2025-04-07 | N/A | 5.3 MEDIUM |
| WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits. | |||||
| CVE-2004-1584 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. | |||||
| CVE-2004-1559 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. | |||||