173 matches found
CVE-2017-17058
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template...
PT-2017-18265 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.7.5 Description: The issue allows remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request. This is related to problematic use of the SERVER NAME variable in...
WordPress Cross-Site Scripting Vulnerability (CNVD-2016-04365)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. A cross-site scripting vulnerability exists in WordPress 4.5.2 and earlier versions, which can be exploited by an attacker to inject arbitrary web script or HTML with the help of an...
WordPress Unauthorized Operation Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An unauthorized operation vulnerability exists in WordPress 4.5.2 and earlier versions. An attacker can explo...
WordPress has an unspecified vulnerability (CNVD-2016-02898)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress 4.5.1 and earlier versions. The vulnerability can be exploited b...
WordPress Core Multiple Vulnerabilities (Feb 2016) - Windows
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
DEBIAN-CVE-2015-3439
Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...
DEBIAN-CVE-2015-3438
Multiple cross-site scripting XSS vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a 1 four-byte UTF-8 character or 2 invalid character that reaches the database layer, as demonstrated by a crafted...
DEBIAN-CVE-2014-9039
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message...
[flunym0us] Vulnerability Scanner for Wordpress and Moodle
Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team. Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle. Operation Flunym0us requires...
PT-2012-2964 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter. This is possible because the installation component...
DEBIAN-CVE-2008-0195
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages...
PT-2007-6940 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: Wordpress versions 1.5 through 2.3.1 Description: The issue allows attackers to bypass authentication by obtaining the MD5 hash from the user database and then generating the authentication cookie from that hash. This is possible because...