Filtered by vendor Wordpress
Subscriptions
Total
10377 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0539 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint. | ||||
| CVE-2008-7040 | 2 Wordpress, Yellowswordfish | 2 Wordpress, Simple Forum | 2025-04-09 | N/A |
| SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | ||||
| CVE-2009-2144 | 3 Edgewall, Firestats, Wordpress | 3 Firestats, Firestats, Wordpress | 2025-04-09 | N/A |
| SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-0109 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | ||||
| CVE-2008-0507 | 1 Wordpress | 1 Adserve | 2025-04-09 | N/A |
| SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-2854 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/. | ||||
| CVE-2008-0490 | 1 Wordpress | 1 Wp Cal Plugin | 2025-04-09 | N/A |
| SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-0206 | 1 Wordpress | 1 Captcha | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter. | ||||
| CVE-2008-0203 | 1 Wordpress | 1 Cryptographp | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php. | ||||
| CVE-2008-0197 | 1 Wordpress | 1 Wp-contactform | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element. | ||||
| CVE-2008-0195 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. | ||||
| CVE-2008-6811 | 2 Instinct, Wordpress | 2 E-commerce Plugin, Wordpress | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/. | ||||
| CVE-2008-0837 | 2 John Godley, Wordpress | 2 Search Unleashed, Search Unleashed Plugin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file. | ||||
| CVE-2008-1982 | 1 Wordpress | 2 Wordpress, Wpss | 2025-04-09 | N/A |
| SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | ||||
| CVE-2009-3890 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename. | ||||
| CVE-2008-4796 | 4 Debian, Nagios, Snoopy Project and 1 more | 4 Debian Linux, Nagios, Snoopy and 1 more | 2025-04-09 | N/A |
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. | ||||
| CVE-2007-1599 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | ||||
| CVE-2007-2821 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. | ||||
| CVE-2008-0193 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. | ||||
| CVE-2008-0520 | 1 Wordpress | 1 Wassup Plugin | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php. | ||||