Export limit exceeded: 13895 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (13895 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1232 2 Foliovision, Wordpress 2 Foliopress Wysiwyg, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3434 2 Tom Braider, Wordpress 2 Count Per Day, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.
CVE-2012-5387 2 Videousermanuals, Wordpress 2 White-label-cms, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
CVE-2012-5328 2 Cartpauj, Wordpress 2 Mingle-forum, Wordpress 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
CVE-2012-5327 2 Cartpauj, Wordpress 2 Mingle-forum, Wordpress 2025-04-11 N/A
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
CVE-2013-5961 2 Danny Morris, Wordpress 2 Lazy Seo, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.
CVE-2012-5325 2 Cartpauj, Wordpress 2 Shortcode-redirect, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
CVE-2012-5178 2 Welcart, Wordpress 2 Welcart Plugin, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase.
CVE-2013-2709 2 Crunchify, Wordpress 2 Foursquare-checkins, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2012-5177 2 Welcart, Wordpress 2 Welcart Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4422 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.
CVE-2012-4421 1 Wordpress 1 Wordpress 2025-04-11 N/A
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.
CVE-2012-4283 2 Netweblogic, Wordpress 2 Login With Ajax, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2013-3254 2 Wordpress, Wppa.opajaap 2 Wordpress, Wp-photo-album-plus 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
CVE-2012-1936 1 Wordpress 1 Wordpress 2025-04-11 N/A
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by sniffing the network, as demonstrated by attacks against the wp-admin/admin-ajax.php and wp-admin/user-new.php scripts. NOTE: the vendor reportedly disputes the significance of this issue because wp_create_nonce operates as intended, even if it is arguably inconsistent with certain CSRF protection details advocated by external organizations
CVE-2012-4242 2 Mf Gig Calendar Project, Wordpress 2 Mf Gig Calendar, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
CVE-2012-6313 2 Simple Gmail Login, Wordpress 3 1.1.2, 1.1.3, Wordpress 2025-04-11 N/A
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.
CVE-2012-3577 2 Nmedia, Wordpress 2 Member Conversation, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
CVE-2011-3130 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.
CVE-2010-4630 2 Fubra, Wordpress 2 Wp-survey-and-quiz-tool, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.