Vulnerabilities > Wordpress > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-01-12 | CVE-2011-5254 | Security vulnerability in WordPress Connections Plugin. Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors. (network, low complexity, connections-project wordpress) | critical 10.0 |
| 2012-09-06 | CVE-2012-4874 | Image Upload vulnerability in Wordpress Another WordPress Classifieds Plugin. Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads." (network, low complexity, awpcp wordpress) | critical 10.0 |
| 2012-07-18 | CVE-2012-4033 | Unspecified vulnerability in Zingiri web Shop. Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. (network, low complexity, zingiri wordpress) | critical 10.0 |
| 2012-06-16 | CVE-2012-3576 | Permissions, Privileges, and Access Controls vulnerability in Jquindlen Wpstorecart. Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. (network, low complexity, jquindlen wordpress CWE-264) | critical 10.0 |
| 2012-06-16 | CVE-2012-3575 | Permissions, Privileges, and Access Controls vulnerability in RBX Gallery RBX Gallery 2.1. Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. (network, low complexity, rbx-gallery wordpress CWE-264) | critical 10.0 |
| 2012-04-21 | CVE-2012-2400 | Remote vulnerability in WordPress. Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. (network, low complexity, wordpress) | critical 10.0 |
| 2012-04-21 | CVE-2012-2399 | Remote vulnerability in WordPress. Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414. (network, low complexity, wordpress) | critical 10.0 |
| 2011-08-10 | CVE-2011-3129 | Permissions, Privileges, and Access Controls vulnerability in Wordpress. The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. (network, wordpress CWE-264) | critical 9.3 |
| 2011-08-10 | CVE-2011-3125 | Unspecified vulnerability in Wordpress. Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." (network, low complexity, wordpress) | critical 10.0 |
| 2011-08-10 | CVE-2011-3122 | Unspecified vulnerability in Wordpress. Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." (network, low complexity, wordpress) | critical 10.0 |