Vulnerabilities > Wordpress > Wordpress > 3.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-04-21 | CVE-2012-2402 | Permissions, Privileges, and Access Controls vulnerability in Wordpress wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors. | 5.5 |
2012-04-21 | CVE-2012-2401 | Permissions, Privileges, and Access Controls vulnerability in multiple products Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content. | 5.0 |
2012-04-21 | CVE-2012-2400 | Remote vulnerability in WordPress Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. | 10.0 |
2012-04-21 | CVE-2012-2399 | Remote vulnerability in WordPress Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414. | 10.0 |
2011-08-10 | CVE-2011-3130 | Unspecified vulnerability in Wordpress wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. | 7.5 |
2011-08-10 | CVE-2011-3129 | Permissions, Privileges, and Access Controls vulnerability in Wordpress The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. | 9.3 |
2011-08-10 | CVE-2011-3128 | Information Exposure vulnerability in Wordpress WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php. | 5.0 |
2011-08-10 | CVE-2011-3127 | Improper Input Validation vulnerability in Wordpress WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 5.8 |
2011-08-10 | CVE-2011-3126 | Information Exposure vulnerability in Wordpress WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects. | 5.0 |
2011-08-10 | CVE-2011-3125 | Unspecified vulnerability in Wordpress Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." | 10.0 |