Lucene search

384 matches found

CVE · added 2013/05/10 10:0 a.m. · 45 views

CVE-2013-3254

The CVE-2013-3254 entry describes a Cross-site Scripting (XSS) vulnerability in the WP Photo Album Plus WordPress plugin's admin interface. Specifically, wp-admin/admin.php is vulnerable in versions before 5.0.3 via the commentid parameter used in the wppa_manage_comments edit action, allowing re...

CVSS: 4.3 · AI score: 6 · EPSS: 0.01601
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack · added 2013/04/22 12:0 a.m. · 17 views

WordPress GRAND FlAGallery Plugin <= 2.71 - XSS

Because of this vulnerability in wp-admin/admin.php, attackers can inject arbitrary web script or HTML via the "s" parameter in a flag-manage-gallery action. Solution: Update the plugin...

CVSS: 4.3 · AI score: 2.9 · EPSS: 0.01615
Exploits: 0 · References: 1 · Affected Software: 1

NVD · added 2012/12/11 12:18 p.m. · 25 views

CVE-2012-6312

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php...

CVSS: 4.3 · AI score: 5.7 · EPSS: 0.03236
Exploits: 1 · References: 2

Prion · added 2012/10/24 5:55 p.m. · 17 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcmsodevelopername parameter in a save action to...

CVSS: 6.8 · AI score: 6.6 · EPSS: 0.02993
Exploits: 6 · References: 6 · Affected Software: 1

Prion · added 2012/05/21 6:55 p.m. · 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php...

CVSS: 4.3 · AI score: 6.2 · EPSS: 0.03748
Exploits: 1 · References: 3 · Affected Software: 1

WPVulnDB · added 2012/05/15 12:0 a.m. · 30 views

Sharebar <= 1.2.1 - SQL Injection & Cross-Site Scripting (XSS)

wp-admin/options-general.php status parameter XSS...

CVSS: 7.5 · AI score: 2.5 · EPSS: 0.01815
Exploits: 0 · References: 2 · Affected Software: 1

CVE · added 2012/04/21 11:0 p.m. · 122 views

CVE-2012-2402

CVE-2012-2402 affects WordPress up to version 3.3.1 (patched in 3.3.2). The flaw is in wp-admin/plugins.php, where remote authenticated site administrators could bypass access restrictions and deactivate network-wide plugins via unspecified vectors. The OpenVAS/Nessus/DSA references confirm this ...

CVSS: 5.5 · AI score: 5.9 · EPSS: 0.02614
Exploits: 0 · References: 9 · Affected Software: 1

Positive Technologies · added 2012/01/30 12:0 a.m. · 6 views

PT-2012-2868 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier. Description: The issue allows remote attackers to inject arbitrary web script or HTML via the dbhost, dbname, or uname parameters in the wp-admin/setup-config.php file. The vendor disputes the significance...

CVSS: 4.3 · AI score: 6.8 · EPSS: 0.03751
Exploits: 7 · References: 15

Patchstack · added 2012/01/18 12:0 a.m. · 27 views

WordPress <= 3.3.1 - Multiple XSS

Because of these vulnerabilities in wp-admin/setup-config.php, attackers can inject arbitrary web script or HTML. Solution: Update WordPress...

CVSS: 4.3 · AI score: 1.6 · EPSS: 0.03751
Exploits: 7 · References: 1 · Affected Software: 1

Prion · added 2011/03/14 7:55 p.m. · 23 views

Code injection

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachmentid parameter...

CVSS: 4 · AI score: 6.3 · EPSS: 0.03168
Exploits: 0 · References: 13 · Affected Software: 1

NVD · added 2011/01/25 7:0 p.m. · 16 views

CVE-2011-0641

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.0183
Exploits: 0 · References: 4

Cvelist · added 2011/01/25 6:0 p.m. · 18 views

CVE-2011-0641

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is...

AI score: 5.8 · EPSS: 0.0183
Exploits: 0 · References: 4

seebug.org · added 2010/08/26 12:0 a.m. · 21 views

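WordPress 3.0.1 wp-admin/plugins.php Module Cross-Site Scripting Vulnerability

BUGTRAQ ID: 42440. WordPress is a free forum/blog system. If the action parameter is set to delete-selected, WordPress returns the checked0 parameter submitted to wp-admin/plugins.php to the user without properly filtering it, which allows remote attackers to carry out reflected cross-site scripting attacks by submitting requests with malicious parameters. WordPress 3.0.1. Vendor patch: WordPress: the vendor has not yet provided a patch or upgrade; we recommend that users of this software keep watching the vendor's home page for the latest version: http://wordpress.org/...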

AI score: 6.9
Exploits: 0

seebug.org · added 2009/12/31 12:0 a.m. · 17 views

WordPress <=2.8.3 wp-admin Multiple Permission Bypass Vulnerabilities

No description provided by source...

AI score: 7.1
Exploits: 0

UbuntuCve · added 2009/11/17 6:30 p.m. · 12 views

CVE-2009-3891

Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable)...

CVSS: 3.5 · AI score: 5.9 · EPSS: 0.02101
Exploits: 0 · References: 1

OpenVAS · added 2009/08/20 12:0 a.m. · 112 views

WordPress 'wp-admin' Multiple Vulnerabilities (Aug 2009)

WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...

CVSS: 10 · AI score: 6.4 · EPSS: 0.04711
Exploits: 3 · References: 4

OSV · added 2009/08/18 9:0 p.m. · 2 views

DEBIAN-CVE-2009-2853

Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin...

CVSS: 10 · AI score: 7 · EPSS: 0.04711
Exploits: 3 · References: 1

OSV · added 2009/08/18 9:0 p.m. · 5 views

CVE-2009-2854

Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7)...

AI score: 6.3
Exploits: 0 · References: 7

Debian CVE · added 2009/08/18 8:41 p.m. · 34 views

CVE-2009-2854

Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7)...

CVSS: 6.4 · AI score: 6.6 · EPSS: 0.02276
Exploits: 1

NVD · added 2009/04/28 4:30 p.m. · 24 views

CVE-2008-6762

Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.02095
Exploits: 1 · References: 4