
384 matches found

Patchstack
added 2009/04/28 12:0 a.m. | 27 views

WordPress <= 2.6.9 - Open Redirection

Because of this vulnerability in wp-admin/upgrade.php, attackers can redirect users to arbitrary web sites and conduct phishing attacks via a URL in the "backto" parameter. Solution: Update WordPress...

CVSS 4.3 | AI score 5.1 | EPSS 0.02095
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2008/03/12 5:44 p.m. | 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inviteemail parameter in an invite action to wp-admin/users.php and (2) the to parameter in a sent action to wp-admin/invites.php...

CVSS 4.3 | AI score 6 | EPSS 0.04998
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2008/03/12 5:44 p.m. | 21 views

CVE-2008-1304

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inviteemail parameter in an invite action to wp-admin/users.php and (2) the to parameter in a sent action to wp-admin/invites.php...

CVSS 4.3 | AI score 5.7 | EPSS 0.04998
Exploits: 0 | References: 7

CVE
added 2008/03/12 5:0 p.m. | 43 views

CVE-2008-1304

CVE-2008-1304 concerns WordPress 2.3.2, which is affected by multiple XSS vulnerabilities in two parameters: (1) inviteemail in wp-admin/users.php (invite action) and (2) the to parameter in a sent action to wp-admin/invites.php. The underlying issue is cross-site scripting that could allow remot...

CVSS 4.3 | AI score 5.8 | EPSS 0.04998
Exploits: 0 | References: 7 | Affected Software: 1

exploitpack
added 2008/02/05 12:0 a.m. | 13 views

WordPress MU 1.3.2 - active_plugins option Code Execution

WordPress MU 1.3.2 - active_plugins option Code Execution. Website: http://www.buayacorp.com/ Advisory: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html This exploit uses active_plugins option to execute arbitrary PHP / include_once './class-snoopy.php'; // Fix Snoopy cla...

Exploits: 0

UbuntuCve
added 2008/01/10 12:46 a.m. | 29 views

CVE-2008-0193

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...

CVSS 4.3 | AI score 6 | EPSS 0.03967
Exploits: 1 | References: 1

OSV
added 2008/01/10 12:46 a.m. | 2 views

DEBIAN-CVE-2008-0195

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages...

CVSS 5 | AI score 6.7 | EPSS 0.0331
Exploits: 1 | References: 1

Prion
added 2008/01/10 12:46 a.m. | 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...

CVSS 4.3 | AI score 6.2 | EPSS 0.03967
Exploits: 1 | References: 8 | Affected Software: 1

Prion
added 2008/01/10 12:46 a.m. | 28 views

Directory traversal

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path...

CVSS 5 | AI score 7.3 | EPSS 0.03424
Exploits: 6 | References: 11 | Affected Software: 1

NVD
added 2008/01/10 12:46 a.m. | 27 views

CVE-2008-0193

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...

CVSS 4.3 | AI score 5.7 | EPSS 0.03967
Exploits: 1 | References: 8

OSV
added 2008/01/10 12:46 a.m. | 6 views

DEBIAN-CVE-2008-0196

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path...

CVSS 5 | AI score 7.1 | EPSS 0.03424
Exploits: 6 | References: 1

Debian CVE
added 2008/01/10 12:0 a.m. | 26 views

CVE-2008-0193

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...

CVSS 4.3 | AI score 4.5 | EPSS 0.03967
Exploits: 1

Patchstack
added 2008/01/09 12:0 a.m. | 20 views

WordPress <= 2.0.11 - Multiple Vulnerabilities

Because of these vulnerabilities, attackers can obtain sensitive information via an empty value of the "page" parameter to certain PHP scripts under wp-admin/. Solution: Update WordPress...

CVSS 5 | AI score 3.6 | EPSS 0.0331
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2007/10/30 7:46 p.m. | 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter...

CVSS 2.6 | AI score 5.9 | EPSS 0.07003
Exploits: 0 | References: 8 | Affected Software: 1

Cvelist
added 2007/06/15 1:0 a.m. | 28 views

CVE-2007-3238

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...

AI score 5 | EPSS 0.02
Exploits: 0 | References: 12

CVE
added 2007/06/15 1:0 a.m. | 67 views

CVE-2007-3238

CVE-2007-3238 is a cross-site scripting (XSS) vulnerability in the default WordPress theme’s functions.php on WordPress 2.2. It allows remote authenticated administrators to inject arbitrary script/HTML via PATH_INFO (REQUEST_URI) to wp-admin/themes.php. Some configurations may not elevate privil...

CVSS 6 | AI score 5 | EPSS 0.02
Exploits: 0 | References: 12 | Affected Software: 1

Tenable Nessus
added 2007/05/23 12:0 a.m. | 42 views

WordPress check_ajax_referer() Function SQL Injection

The version of WordPress on the remote host fails to properly sanitize input to the 'cookie' parameter of the 'wp-admin/admin-ajax.php' script before using it in the 'check_ajax_referer' function in database queries. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated, remote attacker...

CVSS 7.5 | AI score 5.5 | EPSS 0.052
Exploits: 1 | References: 3

UbuntuCve
added 2007/05/22 9:30 p.m. | 27 views

CVE-2007-2821

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...

CVSS 7.5 | AI score 6.2 | EPSS 0.052
Exploits: 1 | References: 1

Debian CVE
added 2007/05/22 9:0 p.m. | 25 views

CVE-2007-2821

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...

CVSS 7.5 | AI score 7.6 | EPSS 0.052
Exploits: 1

OSV
added 2007/03/23 12:19 a.m. | 2 views

DEBIAN-CVE-2007-1622

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose...

CVSS 4.3 | AI score 5.6 | EPSS 0.05778
Exploits: 1 | References: 1