Vulnerabilities > Wordpress > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2010-02-22 | CVE-2010-0673 | SQL Injection vulnerability in Copperleaf Photolog 0.16 | SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | network | low complexity | copperleaf wordpress | CWE-89 | 7.5 |
| 2009-12-28 | CVE-2009-4424 | SQL Injection vulnerability in Imotta Pyrmont Plugin 2 | SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | imotta wordpress | CWE-89 | 7.5 |
| 2009-12-18 | CVE-2009-3703 | SQL Injection vulnerability in Fahlstad Wp-Forum | Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php. | network | low complexity | fahlstad wordpress | CWE-89 | 7.5 |
| 2009-08-24 | CVE-2008-7040 | SQL Injection vulnerability in Yellowswordfish Simple Forum | SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. | network | low complexity | wordpress yellowswordfish | CWE-89 | 7.5 |
| 2009-08-13 | CVE-2009-2762 | Credentials Management vulnerability in Wordpress | wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array. | network | low complexity | wordpress | CWE-255 | 7.5 |
| 2009-07-08 | CVE-2009-2383 | SQL Injection vulnerability in Blogtrafficexchange Related-Sites 2.1 | SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter. | network | low complexity | blogtrafficexchange wordpress | CWE-89 | 7.5 |
| 2009-06-22 | CVE-2009-2144 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | edgewall firestats wordpress | CWE-89 | 7.5 |
| 2009-06-22 | CVE-2009-2143 | Code Injection vulnerability in Firestats | PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | network | low complexity | wordpress firestats | CWE-94 | 7.5 |
| 2009-06-19 | CVE-2009-2122 | SQL Injection vulnerability in Paolo Palmonari Photoracer Plugin for Wordpress 1.0 | SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | wordpress paolo-palmonari | CWE-89 | 7.5 |
| 2009-03-19 | CVE-2009-0968 | SQL Injection vulnerability in Fahlstad Fmoblog Plugin 2.1 | SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | network | low complexity | fahlstad wordpress | CWE-89 | 7.5 |