Vulnerabilities > WordPress
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-01-03 | CVE-2013-7240 | Path Traversal vulnerability in multiple products | Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-01-03 | CVE-2013-6993 | Cross-Site Scripting vulnerability in Ad-Minister Project Ad-Minister | Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. | 4.3 |
2014-01-03 | CVE-2013-6992 | Cross-Site Request Forgery (CSRF) vulnerability in Askapache Firefox Adsense 3.0 | Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php. | 6.8 |
2014-01-03 | CVE-2013-6991 | Cross-Site Scripting vulnerability in Wokamoto Wp-Cron Dashboard | Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php. | 4.3 |
2013-12-30 | CVE-2013-7233 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress | Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. | 6.8 |
2013-10-09 | CVE-2013-0736 | Cross-Site Request Forgery (CSRF) vulnerability in Cartpauj Mingle-Forum | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors. | 6.8 |
2013-10-03 | CVE-2013-6010 | Cross-Site Scripting vulnerability in Wearegumball Comment-Attachment 1.0 | Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." | 4.3 |
2013-09-30 | CVE-2013-5961 | Unspecified vulnerability in Danny Morris Lazy SEO 1.1.9 | Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/. | 6.8 |
2013-09-26 | CVE-2013-4626 | Cross-Site Scripting vulnerability in Marketpress Backwpup Plugin | Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php. | 4.3 |
2013-09-23 | CVE-2013-5918 | Cross-Site Scripting vulnerability in Platinum SEO Project Platinum SEO Plugin | Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 4.3 |