Vulnerabilities > Wordpress > Critical

DATE CVE VULNERABILITY TITLE RISK

2009-08-18 CVE-2009-2853 Permissions, Privileges, and Access Controls vulnerability in Wordpress
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.
network | low complexity | wordpress CWE-264 | critical | 10.0

2009-07-09 CVE-2009-2396 Code Injection vulnerability in Dutchmonkey DM Album 1.9.2
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
network | wordpress dutchmonkey CWE-94 | critical | 9.3

2009-04-28 CVE-2008-6767 Denial-Of-Service vulnerability in Wordpress 2.6
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.
network | low complexity | wordpress | critical | 10.0

2008-10-30 CVE-2008-4796 OS Command Injection vulnerability in multiple products
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
network | low complexity | snoopy-project debian nagios wordpress CWE-78 | critical | 10.0

2008-10-28 CVE-2008-4769 Path Traversal vulnerability in Wordpress
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php.
network | wordpress CWE-22 | critical | 9.3

2008-07-30 CVE-2008-3362 Improper Input Validation vulnerability in multiple products
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
network | low complexity | giulio-ganci wordpress CWE-20 | critical | 10.0

2008-05-21 CVE-2008-2392 Improper Input Validation vulnerability in Wordpress
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
network | low complexity | wordpress CWE-20 | critical | 9.0

2007-11-19 CVE-2007-6013 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
network | low complexity | wordpress fedoraproject CWE-327 | critical | 9.8

2006-08-09 CVE-2006-4028 Remote Security vulnerability in WordPress
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors.
network | low complexity | wordpress | critical | 10.0