wordpress

412 tracked vulnerabilities.

CVE-2007-4154
WordPress 2.2.1 - Authenticated SQL Injection via page_options Parameter
Aug 03, 2007
EPSS 0.01
CVE-2007-4139
WordPress 2.2.1 - Cross-Site Scripting via Style Parameter in Upload Functionality
Aug 03, 2007
EPSS 0.01
CVE-2007-4014
WordPress Blix/Blixed/BlixKrieg - XSS
Jul 26, 2007
EPSS 0.02
CVE-2007-3639
WordPress < 2.2.1 - Open Redirect via _wp_http_referer Parameter
Jul 10, 2007
EPSS 0.01
CVE-2007-3543
WordPress < 2.2.1 and WordPress MU < 1.2.3 - Authenticated Arbitrary PHP File Upload via _wp_attached_file Metadata
Jul 03, 2007
EPSS 0.02
CVE-2007-3544
WordPress < 2.2.0 and WordPress MU < 1.2.2 - Authenticated Arbitrary File Upload
Jul 03, 2007
EPSS 0.01
CVE-2007-3238
WordPress 2.2 - Authenticated Cross-Site Scripting via PATH_INFO in wp-admin/themes.php
Jun 15, 2007
EPSS 0.01
CVE-2007-3239
WordPress AndyBlue theme - Cross-Site Scripting via PHP_SELF Parameter
Jun 15, 2007
EPSS 0.01
CVE-2007-3240
WordPress Vistered-Little theme - Stored Cross-Site Scripting via REQUEST_URI Parameter
Jun 15, 2007
EPSS 0.01
CVE-2007-3241
WordPress cordobo-green-park theme - Cross-Site Scripting via PHP_SELF Parameter
Jun 15, 2007
EPSS 0.00
CVE-2007-3140
WordPress 2.2 - Authenticated SQL Injection via XML-RPC wp.suggestCategories Method
Jun 08, 2007
EPSS 0.03
CVE-2007-2821
WordPress < 2.2 - SQL Injection via Cookie Parameter
May 22, 2007
EPSS 0.06
CVE-2007-2627
WordPress - Cross-Site Scripting via PHP_SELF in Sidebar
May 11, 2007
EPSS 0.01
CVE-2007-1893
WordPress < 2.1.2 - Authenticated Post Publishing Privilege Escalation via XML-RPC
Apr 09, 2007
EPSS 0.00
CVE-2007-1894
WordPress - Cross-Site Scripting via Year Parameter in wp_title Function
Apr 09, 2007
EPSS 0.06
CVE-2007-1897
WordPress < 2.1.2 - Authenticated SQL Injection via XML-RPC mt.setPostCategories Method
Apr 09, 2007
EPSS 0.05
CVE-2007-1732
WordPress 2.1.2 - Authenticated Cross-Site Scripting via Demo Parameter
Mar 28, 2007
EPSS 0.01
CVE-2007-1622
WordPress < 2.0.10 RC2 and < 2.1.3 RC2 - Authenticated Cross-Site Scripting via PATH_INFO
Mar 23, 2007
EPSS 0.03
CVE-2007-1599
WordPress - Open Redirect via wp-login.php redirect_to Parameter
Mar 22, 2007
EPSS 0.01
CVE-2007-1409
WordPress - Information Disclosure via Direct Request to wp-admin/admin-functions.php
Mar 10, 2007
EPSS 0.01
CVE-2007-1277
WordPress 2.1.1 - Remote Code Execution via Backdoor in Feed and Theme PHP Files
Mar 05, 2007
EPSS 0.85
CVE-2007-1244
WordPress < 2.1.1 - Cross-Site Request Forgery via AdminPanel Delete Action
Mar 03, 2007
EPSS 0.08
CVE-2007-1230
WordPress - Cross-Site Scripting via Referer HTTP Header or URI
Mar 02, 2007
EPSS 0.01
CVE-2007-1049
WordPress 2.0-2.0.8 and 2.1 - Cross-Site Scripting via wp_explain_nonce Function
Feb 21, 2007
EPSS 0.06
CVE-2007-0539
WordPress < 2.0 - Denial of Service via Pingback Service Calls
Jan 29, 2007
EPSS 0.01
Products
wordpress 353 wordpress_mu 10 WordPress 3 sniplets_plugin 3 blix 2 math_comment_spam_protection_plugin 2 pay-with-tweet 2 wassup_plugin 2 Buddypress 1 Social-Share-Buttons 1 adserve 1 alert_before_you_post 1 blixed 1 blixkrieg 1 blogger_importer 1 captcha 1 cryptographp 1 dean_logan_wp-people_plugin 1 debug_bar 1 download_monitor_plugin 1 fcchat_widget 1 filemanager 1 gutenberg 1 health_check_\&_troubleshooting 1 lanoba_social_plugin 1 page_flip_image_gallery_plugin 1 performance_lab 1 permalinks_migration_plugin 1 peter\'s_math_anti-spam_for_wordpress 1 photo_album_plugin 1
Quick Filters
Critical CVEs With Exploits In CISA KEV