wordpress
412 tracked vulnerabilities.
CVE-2012-4271
Bad Behavior < 2.0.47 and 2.2.x < 2.2.5 - Cross-Site Scripting via Multiple Parameters
Aug 13, 2012
EPSS 0.00
CVE-2012-3385
WordPress < 3.4.1 - Unauthenticated Sensitive Information Exposure via Post Content Access
Jul 22, 2012
EPSS 0.01
CVE-2012-3384
WordPress < 3.4.1 - Cross-Site Request Forgery in Customizer
Jul 22, 2012
EPSS 0.00
CVE-2012-3383
WordPress 3.4.x - Authenticated Cross-Site Scripting via Unfiltered HTML Capability
Jul 22, 2012
EPSS 0.00
CVE-2012-3588
Plugin Newsletter plugin 1.5 - Path Traversal via Data Parameter
Jun 19, 2012
EPSS 0.06
CVE-2012-3578
FCChat Widget < 2.2.13.1 - Unauthenticated Arbitrary File Upload via HTML Upload Endpoint
Jun 17, 2012
EPSS 0.14
CVE-2012-2633
WassUp Plugin < 1.8.3 - Cross-Site Scripting via User-Agent HTTP Header
Jun 15, 2012
EPSS 0.00
CVE-2012-1936
WordPress < 3.3.1 - Cross-Site Request Forgery via Nonce Reuse
May 03, 2012
EPSS 0.00
CVE-2012-2404
WordPress < 3.3.2 - Cross-Site Scripting via Offsite Redirect in wp-comments-post.php
Apr 21, 2012
EPSS 0.02
CVE-2012-2403
WordPress < 3.3.2 - Cross-Site Scripting via Clickable Links in Attributes
Apr 21, 2012
EPSS 0.03
CVE-2012-2402
WordPress < 3.3.2 - Authenticated Plugin Deactivation Bypass
Apr 21, 2012
EPSS 0.01
CVE-2012-2401
Plupload < 1.5.4 - Same Origin Policy Bypass via SWF Scripting
Apr 21, 2012
EPSS 0.01
CVE-2012-2400
WordPress < 3.3.2 - Vulnerability in swfobject.js
Apr 21, 2012
EPSS 0.02
CVE-2012-2399
WordPress < 3.3.1 - Cross-Site Scripting via SWFUpload buttonText Parameter
Apr 21, 2012
EPSS 0.04
CVE-2012-0937
WordPress < 3.3.1 - Denial of Service via MySQL Query Proxy in Setup-Config
Jan 30, 2012
EPSS 0.06
CVE-2012-0782
WordPress < 3.3.1 - Cross-Site Scripting via Installation Setup Parameters
Jan 30, 2012
EPSS 0.01
CVE-2012-0287
WordPress 3.3.x - Cross-Site Scripting via Query String in Duplicate Comment Handling
Jan 06, 2012
EPSS 0.01
CVE-2011-1762
MEDIUM
WordPress < 3.0.6 - Improper Access Control in wp-admin/press-this.php
Apr 18, 2022
CVSS 6.5
EPSS 0.00
CVE-2011-5270
WordPress < 3.0.6 - Authenticated Unauthorized Post Publishing via press-this.php
Jan 21, 2014
EPSS 0.01
CVE-2011-5216
SCORM Cloud For WordPress < 1.0.7 - SQL Injection via Active Parameter
Oct 25, 2012
EPSS 0.00
CVE-2011-5182
Lanoba Social Plugin 1.0 - Cross-Site Scripting via Action Parameter
Sep 20, 2012
EPSS 0.01
CVE-2011-5107
NUCLEI
Alert Before Your Post < 0.1.1 - Cross-Site Scripting via Name Parameter
Aug 23, 2012
EPSS 0.01
CVE-2011-4957
WordPress < 3.1.1 - Denial of Service via make_clickable URL Parsing
Jun 27, 2012
EPSS 0.03
CVE-2011-4956
WordPress < 3.1.1 - Cross-Site Scripting
Jun 27, 2012
EPSS 0.01
CVE-2011-4899
WordPress < 3.3.1 - Static Code Injection and Cross-Site Scripting via Database Configuration
Jan 30, 2012
EPSS 0.06
Products
wordpress 353
wordpress_mu 10
WordPress 3
sniplets_plugin 3
blix 2
math_comment_spam_protection_plugin 2
pay-with-tweet 2
wassup_plugin 2
Buddypress 1
Social-Share-Buttons 1
adserve 1
alert_before_you_post 1
blixed 1
blixkrieg 1
blogger_importer 1
captcha 1
cryptographp 1
dean_logan_wp-people_plugin 1
debug_bar 1
download_monitor_plugin 1
fcchat_widget 1
filemanager 1
gutenberg 1
health_check_\&_troubleshooting 1
lanoba_social_plugin 1
page_flip_image_gallery_plugin 1
performance_lab 1
permalinks_migration_plugin 1
peter\'s_math_anti-spam_for_wordpress 1
photo_album_plugin 1
Quick Filters