Vulnerabilities > Wordpress > Wordpress > 3.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-07-08 | CVE-2013-2200 | Permissions, Privileges, and Access Controls vulnerability in Wordpress WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors. | 4.0 |
| 2013-07-08 | CVE-2013-2199 | Permissions, Privileges, and Access Controls vulnerability in Wordpress The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235. | 4.3 |
| 2013-07-08 | CVE-2013-0237 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2013-07-08 | CVE-2013-0236 | Cross-Site Scripting vulnerability in Wordpress Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post. | 4.3 |
| 2013-07-08 | CVE-2013-0235 | Unspecified vulnerability in Wordpress The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue. | 6.4 |
| 2012-09-14 | CVE-2012-4422 | Permissions, Privileges, and Access Controls vulnerability in Wordpress wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role. | 3.5 |
| 2012-09-14 | CVE-2012-4421 | Permissions, Privileges, and Access Controls vulnerability in Wordpress The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature. | 4.0 |
| 2012-07-22 | CVE-2012-3385 | Permissions, Privileges, and Access Controls vulnerability in Wordpress WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. | 5.0 |
| 2012-07-22 | CVE-2012-3384 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2012-06-27 | CVE-2011-4957 | Improper Input Validation vulnerability in Wordpress The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls. | 5.0 |