wordpress

412 tracked vulnerabilities.

CVE-2009-2853
WordPress < 2.8.3 - Unauthenticated Privilege Escalation via Direct Admin Script Access
Aug 18, 2009
EPSS 0.01
CVE-2009-2851
WordPress < 2.8.2 - Cross-Site Scripting via Comment Author URL
Aug 18, 2009
EPSS 0.03
CVE-2009-2762
WordPress < 2.8.3 - Unauthenticated Password Reset via Array Parameter Bypass
Aug 13, 2009
EPSS 0.74
CVE-2009-2432
WordPress < 2.8.1 - Information Disclosure via wp-settings.php Direct Request
Jul 10, 2009
EPSS 0.01
CVE-2009-2431
WordPress 2.7.1 - Information Disclosure via HTML Comment
Jul 10, 2009
EPSS 0.01
CVE-2009-2336
WordPress and WordPress MU < 2.8.1 - Username Enumeration via Forgotten Mail Interface
Jul 10, 2009
EPSS 0.02
CVE-2009-2335
WordPress < 2.8.1 - Username Enumeration via Failed Login Behavior
Jul 10, 2009
EPSS 0.85
CVE-2009-2334
WordPress < 2.8.1 - Unauthenticated Sensitive Information Exposure via Plugin Configuration
Jul 10, 2009
EPSS 0.12
CVE-2009-1030
WordPress MU < 2.7 - Cross-Site Scripting via HTTP Host Header
Mar 20, 2009
EPSS 0.02
CVE-2008-7216
Peter's Math Anti-Spam Spinoff - Info Disclosure
Sep 11, 2009
EPSS 0.05
CVE-2008-6767
WordPress - Unauthenticated Application Upgrade via wp-admin/upgrade.php
Apr 28, 2009
EPSS 0.01
CVE-2008-6762
WordPress - Open Redirect via Upgrade Backto Parameter
Apr 28, 2009
EPSS 0.00
CVE-2008-5752
Page Flip Image Gallery <0.2.2 - Path Traversal
Dec 30, 2008
EPSS 0.09
CVE-2008-5695
WordPress <2.3.2 - Authenticated RCE
Dec 19, 2008
EPSS 0.16
CVE-2008-5278
WordPress < 2.6.5 - Cross-Site Scripting via Host Header
Nov 28, 2008
EPSS 0.03
CVE-2008-5113
WordPress 2.6.3 - Cross-Site Request Forgery via REQUEST Superglobal Array
Nov 17, 2008
EPSS 0.00
CVE-2008-4796
Snoopy < 1.2.3 - OS Command Injection via HTTPS URL Shell Metacharacters
Oct 30, 2008
EPSS 0.01
CVE-2008-4769
WordPress < 2.3.3 - Path Traversal via Cat Parameter
Oct 28, 2008
EPSS 0.18
CVE-2008-4671
WordPress MU < 2.6 - Cross-Site Scripting via s or ip_address Parameter
Oct 22, 2008
EPSS 0.01
CVE-2008-4616
SpamBam Plugin for WordPress - Comment Restriction Bypass via Server-Supplied Shared Key
Oct 20, 2008
EPSS 0.04
CVE-2008-4106
WordPress < 2.6.2 - Unauthenticated Password Reset via SQL Column Truncation
Sep 18, 2008
EPSS 0.15
CVE-2008-3747
WordPress - Unauthenticated Administrative Access via SSL Bypass in Edit Post/Comment Links
Aug 27, 2008
EPSS 0.01
CVE-2008-3362
Giulio Ganci Wp Downloads Manager <0.2 - RCE
Jul 30, 2008
EPSS 0.06
CVE-2008-3233
WordPress < 2.6 - Cross-Site Scripting
Jul 18, 2008
EPSS 0.00
CVE-2008-2510
Upload File Plugin for WordPress - SQL Injection via f_id Parameter
May 29, 2008
EPSS 0.00
Products
wordpress 353 wordpress_mu 10 WordPress 3 sniplets_plugin 3 blix 2 math_comment_spam_protection_plugin 2 pay-with-tweet 2 wassup_plugin 2 Buddypress 1 Social-Share-Buttons 1 adserve 1 alert_before_you_post 1 blixed 1 blixkrieg 1 blogger_importer 1 captcha 1 cryptographp 1 dean_logan_wp-people_plugin 1 debug_bar 1 download_monitor_plugin 1 fcchat_widget 1 filemanager 1 gutenberg 1 health_check_\&_troubleshooting 1 lanoba_social_plugin 1 page_flip_image_gallery_plugin 1 performance_lab 1 permalinks_migration_plugin 1 peter\'s_math_anti-spam_for_wordpress 1 photo_album_plugin 1
Quick Filters
Critical CVEs With Exploits In CISA KEV