Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / wordpress

wordpress

412 tracked vulnerabilities.

CVE-2016-5834 MEDIUM

WordPress < 4.5.3 - Cross-Site Scripting via Crafted Attachment Name

CVE-2016-5833 MEDIUM

WordPress < 4.5.3 - Cross-Site Scripting via Crafted Attachment Name

CVE-2016-5832 HIGH

WordPress < 4.5.3 - Open Redirect via Customizer

CVE-2016-4567 MEDIUM

MediaElement.js < 2.21.0 - Cross-Site Scripting via FlashMediaElement.as jsinitfunction Parameter

CVE-2016-4566 MEDIUM

WordPress < 4.5.2 - Cross-Site Scripting via Plupload Flash Component

CVE-2016-2222 HIGH

WordPress < 4.4.2 - Server-Side Request Forgery via IPv4 Address in u Parameter

CVE-2016-2221 HIGH

WordPress < 4.4.2 - Open Redirect via Malformed URL Hostname Parsing

CVE-2016-1564 MEDIUM

WordPress < 4.4.1 - Cross-Site Scripting via Stylesheet or Template Name

CVE-2015-8834 MEDIUM

WordPress < 4.2.2 - Cross-Site Scripting via Long Comment Storage

CVE-2015-7989 MEDIUM

WordPress < 4.3.1 - Authenticated Cross-Site Scripting via User Email Address

CVE-2015-5715 MEDIUM

WordPress < 4.3.1 - Authenticated Access Bypass via XMLRPC Post Editing

CVE-2015-5714 MEDIUM

WordPress < 4.3.1 - Cross-Site Scripting via Shortcode Tag Processing

WordPress < 4.2.3 - Cross-Site Scripting in Legacy Theme Preview

WordPress < 4.2.4 - Cross-Site Scripting via Accessibility Helper Title

WordPress < 4.2.3 - Cross-Site Scripting via Widget Title

WordPress < 4.2.3 - Cross-Site Request Forgery via Post Lock Action

WordPress < 4.2.4 - Timing Side-Channel Attack via Widget Instance Sanitization

WordPress < 4.2.3 - SQL Injection via Trashed Comment Handling

Ephox plupload.flash.swf shim 2.1.2 - XSS

WordPress < 4.1.2 - Cross-Site Scripting via UTF-8 Character Handling

WordPress < 4.2.3 - Authenticated Improper Access Control via Post Quickdraft Save

WordPress < 4.2.3 - Authenticated Cross-Site Scripting via Shortcode in HTML Element

WordPress <4.2.1 - XSS

CVE-2014-6412 HIGH

WordPress < 4.4.0 - Weak Password Recovery Token Generation

WordPress <4.0.1 - Remote Code Execution

Previous Page 7 of 17 Next

Products

wordpress 353 wordpress_mu 10 WordPress 3 sniplets_plugin 3 blix 2 math_comment_spam_protection_plugin 2 pay-with-tweet 2 wassup_plugin 2 Buddypress 1 Social-Share-Buttons 1 adserve 1 alert_before_you_post 1 blixed 1 blixkrieg 1 blogger_importer 1 captcha 1 cryptographp 1 dean_logan_wp-people_plugin 1 debug_bar 1 download_monitor_plugin 1 fcchat_widget 1 filemanager 1 gutenberg 1 health_check_\&_troubleshooting 1 lanoba_social_plugin 1 page_flip_image_gallery_plugin 1 performance_lab 1 permalinks_migration_plugin 1 peter\'s_math_anti-spam_for_wordpress 1 photo_album_plugin 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy