Lucene search
+L

173 matches found

OSV
OSV
added 2017/11/29 7:29 a.m.9 views

CVE-2017-17058

The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template...

7.5CVSS7.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2017/05/04 12:0 a.m.11 views

PT-2017-18265 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.7.5 Description: The issue allows remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request. This is related to problematic use of the SERVER NAME variable in...

8.8CVSS6.8AI score0.26699EPSS
Exploits7References28
CNVD
CNVD
added 2016/06/28 12:0 a.m.4 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2016-04365)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. A cross-site scripting vulnerability exists in WordPress 4.5.2 and earlier versions, which can be exploited by an attacker to inject arbitrary web script or HTML with the help of an...

6.1CVSS5.8AI score0.02123EPSS
Exploits0References1
CNVD
CNVD
added 2016/06/24 12:0 a.m.5 views

WordPress Unauthorized Operation Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An unauthorized operation vulnerability exists in WordPress 4.5.2 and earlier versions. An attacker can explo...

7.5CVSS6.6AI score0.0352EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/09 12:0 a.m.4 views

WordPress has an unspecified vulnerability (CNVD-2016-02898)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress 4.5.1 and earlier versions. The vulnerability can be exploited b...

6.1CVSS6.6AI score0.05361EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/02/08 12:0 a.m.17 views

WordPress Core Multiple Vulnerabilities (Feb 2016) - Windows

WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...

7.3AI score
Exploits0References2
OSV
OSV
added 2015/08/05 10:59 a.m.1 views

DEBIAN-CVE-2015-3439

Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...

4.3CVSS6.4AI score0.06124EPSS
Exploits1References1
OSV
OSV
added 2015/08/05 1:59 a.m.2 views

DEBIAN-CVE-2015-3438

Multiple cross-site scripting XSS vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a 1 four-byte UTF-8 character or 2 invalid character that reaches the database layer, as demonstrated by a crafted...

4.3CVSS5.8AI score0.08578EPSS
Exploits1References1
OSV
OSV
added 2014/11/25 11:59 p.m.1 views

DEBIAN-CVE-2014-9039

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message...

4.3CVSS7AI score0.02375EPSS
Exploits0References1
Kitploit
Kitploit
added 2013/12/31 4:40 p.m.32 views

[flunym0us] Vulnerability Scanner for Wordpress and Moodle

Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team. Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle. Operation Flunym0us requires...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2012/01/30 12:0 a.m.5 views

PT-2012-2964 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter. This is possible because the installation component...

5CVSS6.9AI score0.08068EPSS
Exploits1References15
OSV
OSV
added 2008/01/10 12:46 a.m.4 views

DEBIAN-CVE-2008-0195

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages...

5CVSS6.7AI score0.0331EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2007/11/19 12:0 a.m.1 views

PT-2007-6940 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: Wordpress versions 1.5 through 2.3.1 Description: The issue allows attackers to bypass authentication by obtaining the MD5 hash from the user database and then generating the authentication cookie from that hash. This is possible because...

9.8CVSS9.5AI score0.03279EPSS
Exploits1References17
Rows per page
Query Builder