wordpress
412 tracked vulnerabilities.
CVE-2013-2205
WordPress < 3.5.2 - Cross-Site Scripting via SWFUpload allowDomain Bypass
Jul 08, 2013
EPSS 0.01
CVE-2013-2204
TinyMCE Media Plugin < 3.5.2 - Content Spoofing via Flash Parameter Injection
Jul 08, 2013
EPSS 0.01
CVE-2013-2203
WordPress < 3.5.2 - Unauthenticated Absolute Path Disclosure via Invalid Upload Request
Jul 08, 2013
EPSS 0.01
CVE-2013-2202
WordPress < 3.5.2 - XML External Entity Injection via oEmbed Provider Response
Jul 08, 2013
EPSS 0.01
CVE-2013-2201
WordPress < 3.5.2 - Cross-Site Scripting via Media File Upload and Theme/Plugin Management
Jul 08, 2013
EPSS 0.01
CVE-2013-2200
WordPress < 3.5.2 - Authenticated Capability Bypass
Jul 08, 2013
EPSS 0.01
CVE-2013-2199
WordPress < 3.5.2 - Server-Side Request Forgery
Jul 08, 2013
EPSS 0.01
CVE-2013-0237
Moxiecode plupload < 1.5.5 - Cross-Site Scripting via id Parameter
Jul 08, 2013
EPSS 0.00
CVE-2013-0236
WordPress < 3.5.1 - Cross-Site Scripting via Gallery Shortcodes or Post Content
Jul 08, 2013
EPSS 0.00
CVE-2013-0235
WordPress < 3.5.1 - Server-Side Request Forgery via XMLRPC Pingback
Jul 08, 2013
EPSS 0.58
CVE-2013-3250
WP Maintenance Mode Plugin < 1.8.8 - Cross-Site Request Forgery
Jun 21, 2013
EPSS 0.00
CVE-2013-2173
WordPress 3.5.1 - Denial of Service via wp-postpass Cookie
Jun 21, 2013
EPSS 0.02
CVE-2012-6707
HIGH
WordPress < 4.8.2 - Inadequate Encryption Strength via MD5 Password Hashing
Oct 19, 2017
CVSS 7.5
EPSS 0.00
CVE-2012-6635
WordPress < 3.3.3 - Authenticated Information Disclosure via Draft Excerpt Access
Jan 21, 2014
EPSS 0.01
CVE-2012-6634
WordPress < 3.3.3 - Information Disclosure and Media-Attachment Restriction Bypass via post_id Parameter
Jan 21, 2014
EPSS 0.01
CVE-2012-6633
WordPress < 3.3.3 - Cross-Site Scripting via Editable Slug Field
Jan 21, 2014
EPSS 0.00
CVE-2012-3414
SWFUpload < 2.2.0.1 - Cross-Site Scripting via movieName Parameter
Jul 19, 2013
EPSS 0.06
CVE-2012-6527
My Calendar < 1.10.2 - Cross-Site Scripting via PATH_INFO
Jan 31, 2013
EPSS 0.00
CVE-2012-5868
WordPress 3.4.2 - Session Fixation via Incomplete Logout Cookie Invalidation
Dec 27, 2012
EPSS 0.01
CVE-2012-5350
Pay With Tweet <1.2 - SQL Injection
Oct 09, 2012
EPSS 0.01
CVE-2012-5349
Pay With Tweet < 1.1 - Cross-Site Scripting via Link, Title, or DL Parameter
Oct 09, 2012
EPSS 0.05
CVE-2012-5229
Slideshow Gallery2 - Cross-Site Scripting via Border Parameter
Oct 01, 2012
EPSS 0.01
CVE-2012-4448
WordPress 3.4.2 - Cross-Site Request Forgery via Dashboard Incoming Links Edit Action
Sep 28, 2012
EPSS 0.00
CVE-2012-4422
WordPress < 3.4.2 - Authenticated Unintended Plugin Activation via Multisite Feature
Sep 14, 2012
EPSS 0.00
CVE-2012-4421
WordPress < 3.4.2 - Authenticated Post Publication via Atom Publishing Protocol
Sep 14, 2012
EPSS 0.00
Products
wordpress 353
wordpress_mu 10
WordPress 3
sniplets_plugin 3
blix 2
math_comment_spam_protection_plugin 2
pay-with-tweet 2
wassup_plugin 2
Buddypress 1
Social-Share-Buttons 1
adserve 1
alert_before_you_post 1
blixed 1
blixkrieg 1
blogger_importer 1
captcha 1
cryptographp 1
dean_logan_wp-people_plugin 1
debug_bar 1
download_monitor_plugin 1
fcchat_widget 1
filemanager 1
gutenberg 1
health_check_\&_troubleshooting 1
lanoba_social_plugin 1
page_flip_image_gallery_plugin 1
performance_lab 1
permalinks_migration_plugin 1
peter\'s_math_anti-spam_for_wordpress 1
photo_album_plugin 1
Quick Filters