Vulnerabilities > Wordpress

DATE | CVE | VULNERABILITY TITLE | RISK

2013-08-09 | CVE-2013-5098 | Cross-Site Scripting vulnerability in Mikejolley Download Monitor | 4.3
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.

2013-08-09 | CVE-2013-4625 | Cross-Site Scripting vulnerability in Cory Lamle Duplicator 0.4.2/0.4.3 | 4.3
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.

2013-08-09 | CVE-2013-3262 | Cross-Site Scripting vulnerability in Mikejolley Download Monitor | 4.3
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.

2013-08-08 | CVE-2013-3256 | Cross-Site Request Forgery (CSRF) vulnerability in Shareaholic Sexybookmarks 6.1.4.0 | 6.8
Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings."

2013-07-29 | CVE-2013-4954 | Cross-Site Scripting vulnerability in Genetechsolutions Pie-Register | 2.6
Cross-site scripting (XSS) vulnerability in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action.
network; high complexity; genetechsolutions wordpress CWE-79

2013-07-29 | CVE-2013-4944 | Cross-Site Scripting vulnerability in Fusedpress Buddypress-Extended-Frienship-Request 1.0/1.0.1 | 2.6
Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php.
network; high complexity; fusedpress wordpress CWE-79

2013-07-19 | CVE-2012-3414 | Cross-Site Scripting vulnerability in multiple products | 4.3
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.

2013-07-16 | CVE-2013-4117 | Cross-Site Scripting vulnerability in Anshul Sharma Category-Grid-View-Gallery 2.3.1 | 4.3
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

2013-07-16 | CVE-2013-3491 | Cross-Site Request Forgery (CSRF) vulnerability in Mdolon Sharebar 1.2.5 | 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences.

2013-07-12 | CVE-2013-2704 | Cross-Site Request Forgery (CSRF) vulnerability in Metin Saylan Dropdown Menu Widget 1.9.1 | 6.8
Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.