Vulnerabilities > Wordpress > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-27 | CVE-2003-1599 | Code Injection vulnerability in Wordpress 0.70: PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable. | 7.5 |
2014-10-01 | CVE-2003-1598 | SQL Injection vulnerability in Wordpress: SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. | 7.5 |
2014-08-18 | CVE-2014-5203 | Unspecified vulnerability in Wordpress 3.9.0/3.9.1: wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. | 7.5 |
2014-04-02 | CVE-2013-0735 | SQL Injection vulnerability in Cartpauj Mingle-Forum: Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | 7.5 |
2014-03-09 | CVE-2014-2316 | SQL Injection vulnerability in Zemanta Search Everything 7.0.2: SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. | 7.5 |
2013-09-23 | CVE-2013-5917 | SQL Injection vulnerability in Rodrigo Coimbra Nospam PTI 2.1: SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. | 7.5 |
2013-09-12 | CVE-2013-4339 | Improper Input Validation vulnerability in Wordpress: WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. | 7.5 |
2013-09-12 | CVE-2013-4338 | Code Injection vulnerability in Wordpress: wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations. | 7.5 |
2013-09-10 | CVE-2013-5673 | SQL Injection vulnerability in Indianic Testimonial Plugin 2.2: SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php. | 7.5 |
2013-05-10 | CVE-2013-3532 | SQL Injection vulnerability in Webdorado Spider Video Player 2.1: SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter. | 7.5 |