Export limit exceeded: 46110 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12314 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12314 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4277 | 2 Jovelstefan, Wordpress | 2 Embedded-video, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php. | ||||
| CVE-2010-4257 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. | ||||
| CVE-2010-3977 | 2 Deliciousdays, Wordpress | 2 Cforms, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. | ||||
| CVE-2010-2924 | 2 Silvercover, Wordpress | 2 Mylinksdump Plugin, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-1186 | 2 Alex Rabe, Wordpress | 2 Nextgen Gallery, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | ||||
| CVE-2010-0682 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. | ||||
| CVE-2010-0673 | 2 Copperleaf, Wordpress | 2 Photolog, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | ||||
| CVE-2014-1232 | 2 Foliovision, Wordpress | 2 Foliopress Wysiwyg, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-7279 | 2 Anthony Mills, Wordpress | 2 S3 Video, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. | ||||
| CVE-2013-7276 | 2 Recommend To A Friend Project, Wordpress | 2 Recommend To A Friend, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter. | ||||
| CVE-2013-7240 | 2 Westerndeal, Wordpress | 2 Advanced Dewplayer, Wordpress | 2025-04-11 | N/A |
| Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. | ||||
| CVE-2013-7233 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. | ||||
| CVE-2013-6993 | 2 Ad-minister Project, Wordpress | 2 Ad-minister, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. | ||||
| CVE-2013-6992 | 2 Askapache, Wordpress | 2 Firefox Adsense, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php. | ||||
| CVE-2013-6991 | 2 Wokamoto, Wordpress | 2 Wp-cron Dashboard, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php. | ||||
| CVE-2013-6010 | 2 Wearegumball, Wordpress | 2 Comment-attachment, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." | ||||
| CVE-2013-5963 | 2 Cdsincdesign, Wordpress | 2 Simple Dropbox Upload Form, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/. | ||||
| CVE-2013-5961 | 2 Danny Morris, Wordpress | 2 Lazy Seo, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/. | ||||
| CVE-2013-5917 | 2 Rodrigo Coimbra, Wordpress | 2 Nospam Pti, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. | ||||
| CVE-2013-5739 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php. | ||||