Export limit exceeded: 12271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4272 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest". | ||||
| CVE-2012-4283 | 2 Netweblogic, Wordpress | 2 Login With Ajax, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | ||||
| CVE-2011-3125 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." | ||||
| CVE-2013-5673 | 2 Indianic, Wordpress | 2 Testimonial Plugin, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php. | ||||
| CVE-2013-4117 | 2 Anshul Sharma, Wordpress | 2 Category-grid-view-gallery, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | ||||
| CVE-2010-0682 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. | ||||
| CVE-2013-3720 | 2 Feedweb, Wordpress | 2 Feedweb, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter. | ||||
| CVE-2010-3977 | 2 Deliciousdays, Wordpress | 2 Cforms, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. | ||||
| CVE-2010-0673 | 2 Copperleaf, Wordpress | 2 Photolog, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | ||||
| CVE-2013-3532 | 2 Webdorado, Wordpress | 2 Spider Video Player, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter. | ||||
| CVE-2013-3530 | 2 Fabricio Zuardi, Wordpress | 2 Xspf Player Plugin, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter. | ||||
| CVE-2012-5177 | 2 Welcart, Wordpress | 2 Welcart Plugin, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-3526 | 2 Wordpress, Wptrafficanalyzer | 2 Wordpress, Trafficanalyzer | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter. | ||||
| CVE-2013-3491 | 2 Mdolon, Wordpress | 2 Sharebar, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. | ||||
| CVE-2012-4874 | 2 Awpcp, Wordpress | 2 Another Wordpress Classifieds Plugin, Wordpress | 2025-04-11 | N/A |
| Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads." | ||||
| CVE-2012-5229 | 1 Wordpress | 2 Slideshow Gallery2, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. | ||||
| CVE-2011-3126 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects. | ||||
| CVE-2011-3127 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | ||||
| CVE-2012-5868 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. | ||||
| CVE-2013-2744 | 2 Ithemes, Wordpress | 2 Backupbuddy, Wordpress | 2025-04-11 | N/A |
| importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function. | ||||