Export limit exceeded: 13656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (13656 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4671 2 Adrotateplugin, Wordpress 2 Adrotate, Wordpress 2025-04-11 N/A
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
CVE-2013-2741 2 Ithemes, Wordpress 2 Backupbuddy, Wordpress 2025-04-11 N/A
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.
CVE-2011-4669 1 Wordpress 2 Wordpress, Wordpress-users 2025-04-11 N/A
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.
CVE-2011-4646 2 Lesterchan, Wordpress 2 Wp-postratings, Wordpress 2025-04-11 N/A
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
CVE-2011-4618 2 Simplerealtytheme, Wordpress 2 Advanced Text Widget Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2011-4568 2 Foliovision, Wordpress 2 Fv Wordpress Flowplayer Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2013-3479 2 Sharethis, Wordpress 2 Sharethis, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
CVE-2011-4562 2 John Godley, Wordpress 2 Redirection Plugin, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
CVE-2011-4342 2 Backwpup, Wordpress 2 Backwpup, Wordpress 2025-04-11 N/A
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
CVE-2011-3981 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2025-04-11 N/A
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2011-3865 2 Ulyssesonline, Wordpress 2 Black-letterhead, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3864 2 Somadesign, Wordpress 2 The Erudite, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3863 2 Post-scriptum, Wordpress 2 Redline, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3862 2 Adazing, Wordpress 2 Morning Coffee, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3861 2 Webminimalist, Wordpress 2 Web Minimalist 200901, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-5216 2 Troyef, Wordpress 2 Scorm Cloud, Wordpress 2025-04-11 N/A
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-3860 2 Onedesigns, Wordpress 2 Cover Wp, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2012-5318 2 Kishore Asokan, Wordpress 2 Kish Guest Posting Plugin, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
CVE-2013-2709 2 Crunchify, Wordpress 2 Foursquare-checkins, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2013-2707 2 Netweblogic, Wordpress 2 Login With Ajax, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.