wordpress

412 tracked vulnerabilities.

CVE-2011-4898
WordPress < 3.3.1 - Unauthenticated Sensitive Information Exposure via Installation Error Messages
Jan 30, 2012
EPSS 0.07
CVE-2011-4669
WordPress Users < 1.3 - SQL Injection via uid Parameter
Dec 02, 2011
EPSS 0.01
CVE-2011-3818
WordPress 2.9.2 and 3.0.4 - Exposure of Sensitive Information via Direct Request to .php Files
Sep 24, 2011
EPSS 0.00
CVE-2011-3130
WordPress 3.1-3.1.2 and 3.2 Beta 1 - SQL Injection in Taxonomy Query
Aug 10, 2011
EPSS 0.01
CVE-2011-3129
WordPress 3.1-3.1.2 - Arbitrary File Upload via Dangerous Filename Handling
Aug 10, 2011
EPSS 0.01
CVE-2011-3128
WordPress 3.1-3.1.2 and 3.2 Beta 1 - Unauthorized Sensitive Data Exposure via Unattached Attachments
Aug 10, 2011
EPSS 0.01
CVE-2011-3127
WordPress 3.1-3.1.2 and 3.2 Beta 1 - Clickjacking via Frame Rendering
Aug 10, 2011
EPSS 0.00
CVE-2011-3126
WordPress 3.1-3.1.2 and 3.2 Beta 1 - Username Enumeration via Canonical Redirects
Aug 10, 2011
EPSS 0.01
CVE-2011-3125
WordPress < 3.1.3, < 3.2 - Info Disclosure
Aug 10, 2011
EPSS 0.01
CVE-2011-3122
WordPress < 3.1.3, < 3.2 - Info Disclosure
Aug 10, 2011
EPSS 0.01
CVE-2011-0701
WordPress < 3.0.4 - Authenticated Exposure of Sensitive Information via Modified attachment_id Parameter
Mar 14, 2011
EPSS 0.02
CVE-2011-0700
WordPress < 3.0.5 - Authenticated Cross-Site Scripting via Quick/Bulk Edit Title
Mar 14, 2011
EPSS 0.01
CVE-2010-5297
WordPress < 3.0.1 - Privilege Escalation
Jan 21, 2014
EPSS 0.00
CVE-2010-5296
WordPress < 3.0.2 - Authenticated Privilege Escalation via delete_users Capability
Jan 21, 2014
EPSS 0.00
CVE-2010-5295
WordPress < 3.0.2 - Cross-Site Scripting via Plugin Author Field
Jan 21, 2014
EPSS 0.01
CVE-2010-5294
WordPress < 3.0.2 - Cross-Site Scripting via FTP/SSH Error Message
Jan 21, 2014
EPSS 0.01
CVE-2010-5293
WordPress < 3.0.2 - Spam Restriction Bypass via Trackback/Pingback URL
Jan 21, 2014
EPSS 0.00
CVE-2010-5106
WordPress < 3.0.3 - Authenticated Capability Bypass in XML-RPC Interface
Sep 14, 2012
EPSS 0.00
CVE-2010-4536
WordPress < 3.0.3 - Cross-Site Scripting via KSES Input Handling
Jan 03, 2011
EPSS 0.04
CVE-2010-4257
WordPress < 3.0.1 - Authenticated SQL Injection via Send Trackbacks Field
Dec 07, 2010
EPSS 0.03
CVE-2010-0682
WordPress 2.9 - Authenticated Information Disclosure via Trash Post Access
Feb 23, 2010
EPSS 0.25
CVE-2009-3891
WordPress < 2.8.6 - Authenticated Cross-Site Scripting via Press This s Parameter
Nov 17, 2009
EPSS 0.01
CVE-2009-3890
WordPress < 2.8.5 - Authenticated Remote Code Execution via Multiple-Extension Filename Upload
Nov 17, 2009
EPSS 0.10
CVE-2009-3622
WordPress < 2.8.4 - Denial of Service via wp-trackback.php Title Parameter
Oct 23, 2009
EPSS 0.08
CVE-2009-2854
WordPress < 2.8.3 - Unauthenticated Unauthorized Edits via Direct Requests
Aug 18, 2009
EPSS 0.02