CVE-2014-9039
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message...
CVE-2014-9033
CVE-2014-9033 is a CSRF vulnerability in WordPress affecting wp-login.php that could allow an attacker to hijack a user’s authentication by tricking them into performing a password change. The advisory data lists affected WordPress versions as 3.7.4, 3.8.4, 3.9.2, and 4.0, with remediation indica...
CVE-2014-9039
CVE-2014-9039 affects WordPress versions prior to 4.0.1 for the 4.x line and older 3.x branches: remote password resets could be triggered if an attacker gains access to the email account that received the reset message. The explicit vulnerable ranges are WordPress before 3.7.5, 3.8.x before 3.8....
WordPress <= 4.0.0 - Multiple Vulnerabilities #1
There are multiple vulnerabilities in WordPress wp-login.php, such as cross site scripting, denial of service attacks, hash comparison, SSRF, CSRF. Because of these vulnerabilities, attackers can reset passwords by leveraging access to an e-mail account that received a password-reset message...
WordPress <= 4.0.0 - CSRF
Because of this vulnerability in wp-login.php, attackers can hijack the authentication of arbitrary users for requests that reset passwords. Solution: Update WordPress...
Pie Register - wp-login.php Multiple Parameter XSS
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by a wp-login.php Multiple Parameter XSS security vulnerability...
WordPress Members Plugin <= 2.8.9 - Reflected XSS
This plugin is prone to a cross-site scripting vulnerability in wp-login.php. Solution: Update the plugin...
CVE-2013-4954
CVE-2013-4954 concerns the WordPress plugin Pie Register (Genetech Solutions) where the wp-login.php page is vulnerable to multiple parameter XSS (pass1 and pass2) when “Allow New Registrations to set their own Password” is enabled. The issue affects Pie-Register before 1.31; the root cause is im...
WordPress Plugin Pie Register - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/61140/info Pie Register plugin for WordPress is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
CVE-2012-5913
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php...
WordPress Register Plus Plugin Multiple Vulnerabilities
WordPress Register Plus Plugin is prone to multiple vulnerabilities.
CVE-2010-4402
The CVE refers to WordPress Register Plus Plugin before or at version 3.5.1, where wp-login.php exposes multiple XSS flaws. The root cause is unsanitized/reflective input in the register action, enabling remote attackers to inject arbitrary script or HTML via the 9 parameters: firstname, lastname...
WordPress Register Plus Plugin <= 3.5.1 - Multiple XSS
Because of these vulnerabilities in wp-login.php, attackers can inject arbitrary web script or HTML via the "website", "aim", "yahoo", "jabber", "firstname", "lastname", "about", "pass1", and "pass2" parameters in a register action. Solution: Update the plugin...
WordPress 1.2 wp-login.php Response Splitting Attack Vulnerability
No description provided by source...
WordPress-MU < 2.8.4 'wp-login.php' Security Bypass Vulnerability
WordPress-MU is prone to a security bypass vulnerability.
CVE-2009-2762
CVE-2009-2762 affects WordPress ≤ 2.8.3. The vulnerability allows remote attackers to trigger a password reset for the first user (potentially admin) by supplying a key[] array to the resetpass (rp) action, bypassing the check that key is not an array. This is a network‑level exploit with a CVSSv...
WordPress < 2.8.4 'wp-login.php' 'key' Parameter Remote Administrator Password Reset (uncredentialed check)
According to its version number, the version of WordPress running on the remote server has a flaw in the password reset mechanism. Validation of the secret user activation key can be bypassed by providing an array instead of a string. This allows anyone to reset the password of the first user in...
WordPress 2.7.0 admin remote code execution vulnerability
by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com date: 2008-12-18 Analysis: This vulnerability occurs in the admin backend, in wp-admin/post.php: if ( current_user_can('edit_post', $post_ID) ) { if ( $last = wp_check_post_lock( $post->ID ) ) { $last_user = get_userdata( $last ); $last_user_name = $last_user ?...