Total
581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2916 | 2 Dlo, Wordpress | 2 Simple Anti Bot Registration Engine Plugin, Wordpress | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php. | |||||
| CVE-2010-4747 | 2 Ahmattox, Wordpress | 2 Processing Embed Plugin, Wordpress | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter. | |||||
| CVE-2012-4264 | 2 Bit51, Wordpress | 2 Better-wp-security, Wordpress | 2026-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263. | |||||
| CVE-2011-5181 | 2 Clickdesk, Wordpress | 2 Clickdesk Live Support-live Chat Plugin, Wordpress | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-3122 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." | |||||
| CVE-2011-4673 | 2 Automattic, Wordpress | 2 Jetpack, Wordpress | 2026-04-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-4421 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 4.0 MEDIUM | N/A |
| The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature. | |||||
| CVE-2010-4536 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form. | |||||
| CVE-2013-2704 | 2 Metin Saylan, Wordpress | 2 Dropdown Menu Widget, Wordpress | 2026-04-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. | |||||
| CVE-2012-6634 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 6.4 MEDIUM | N/A |
| wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. | |||||
| CVE-2013-2709 | 2 Crunchify, Wordpress | 2 Foursquare-checkins, Wordpress | 2026-04-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2013-3253 | 2 Wordpress, Xhanch | 2 Wordpress, My Twitter | 2026-04-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings. | |||||
| CVE-2007-1049 | 2 Gentoo, Wordpress | 2 Linux, Wordpress | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | |||||
| CVE-2007-0106 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request. | |||||
| CVE-2008-3233 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4169 | 2 Roytanck, Wordpress | 2 Wp-cumulus, Wordpress | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1897 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | |||||
| CVE-2007-5710 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter. | |||||
| CVE-2008-3747 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 HIGH | N/A |
| The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. | |||||
| CVE-2008-4106 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.1 MEDIUM | N/A |
| WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107. | |||||