Vulnerabilities > Wordpress > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2010-02-22 | CVE-2010-0673 | SQL Injection vulnerability in Copperleaf Photolog 0.16 | SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 7.5 |
2009-12-28 | CVE-2009-4424 | SQL Injection vulnerability in Imotta Pyrmont Plugin 2 | SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-12-18 | CVE-2009-3703 | SQL Injection vulnerability in Fahlstad Wp-Forum | Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php. | 7.5 |
2009-08-24 | CVE-2008-7040 | SQL Injection vulnerability in Yellowswordfish Simple Forum | SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. | 7.5 |
2009-08-13 | CVE-2009-2762 | Credentials Management vulnerability in Wordpress | wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array. | 7.5 |
2009-07-08 | CVE-2009-2383 | SQL Injection vulnerability in Blogtrafficexchange Related-Sites 2.1 | SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter. | 7.5 |
2009-06-22 | CVE-2009-2144 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-06-22 | CVE-2009-2143 | Code Injection vulnerability in Firestats | PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | 7.5 |
2009-06-19 | CVE-2009-2122 | SQL Injection vulnerability in Paolo Palmonari Photoracer Plugin for Wordpress 1.0 | SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-03-19 | CVE-2009-0968 | SQL Injection vulnerability in Fahlstad Fmoblog Plugin 2.1 | SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |