Vulnerabilities > Wordpress
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-04-02 | CVE-2013-0735 | SQL Injection vulnerability in Cartpauj Mingle-Forum | Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | 7.5 |
2014-03-28 | CVE-2013-0734 | Cross-Site Scripting vulnerability in Cartpauj Mingle-Forum | Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php. | 4.3 |
2014-03-09 | CVE-2014-2316 | SQL Injection vulnerability in Zemanta Search Everything 7.0.2 | SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. | 7.5 |
2014-03-09 | CVE-2014-2315 | Cross-Site Scripting vulnerability in Shinephp Thank You Counter Button 1.8.7 | Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php. | 4.3 |
2014-03-06 | CVE-2014-1907 | Path Traversal vulnerability in Videowhisper Live Streaming Integration Plugin | Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. | 6.4 |
2014-03-03 | CVE-2013-3487 | Cross-Site Scripting vulnerability in Ait-Pro Bulletproof-Security | Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php. | 4.3 |
2014-03-03 | CVE-2013-1409 | Cross-Site Scripting vulnerability in Commentluv | Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php. | 4.3 |
2014-03-01 | CVE-2014-1888 | Cross-Site Scripting vulnerability in Buddypress | Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. | 4.3 |
2014-01-21 | CVE-2012-6635 | Permissions, Privileges, and Access Controls vulnerability in WordPress | wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft. | 4.0 |
2014-01-21 | CVE-2012-6634 | Permissions, Privileges, and Access Controls vulnerability in WordPress | wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. | 6.4 |