Vulnerabilities > Wordpress > Wordpress > 3.0.2

DATE CVE VULNERABILITY TITLE RISK
2012-06-27 CVE-2011-4957 Improper Input Validation vulnerability in Wordpress
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
network
low complexity
wordpress CWE-20
5.0
5.0
2012-06-27 CVE-2011-4956 Cross-Site Scripting vulnerability in Wordpress
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
wordpress CWE-79
4.3
4.3
2012-04-21 CVE-2012-2404 Cross-Site Scripting vulnerability in Wordpress
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
network
wordpress CWE-79
4.3
4.3
2012-04-21 CVE-2012-2403 Cross-Site Scripting vulnerability in Wordpress
wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
network
wordpress CWE-79
4.3
4.3
2012-04-21 CVE-2012-2402 Permissions, Privileges, and Access Controls vulnerability in Wordpress
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
network
low complexity
wordpress CWE-264
5.5
5.5
2012-04-21 CVE-2012-2401 Permissions, Privileges, and Access Controls vulnerability in multiple products
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
network
low complexity
moxiecode wordpress CWE-264
5.0
5.0
2012-04-21 CVE-2012-2400 Remote vulnerability in WordPress
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.
network
low complexity
wordpress
critical
 10.0
10
2012-04-21 CVE-2012-2399 Remote vulnerability in WordPress
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
network
low complexity
wordpress
critical
 10.0
10
2011-03-14 CVE-2011-0701 Information Exposure vulnerability in Wordpress
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
network
low complexity
wordpress CWE-200
4.0
4.0
2011-03-14 CVE-2011-0700 Cross-Site Scripting vulnerability in Wordpress
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
network
wordpress CWE-79
3.5
3.5