Export limit exceeded: 14138 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (14138 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0895 2 Tom Braider, Wordpress 2 Count Per Day, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
CVE-2013-5917 2 Rodrigo Coimbra, Wordpress 2 Nospam Pti, Wordpress 2025-04-11 N/A
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.
CVE-2012-3385 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
CVE-2011-3981 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2025-04-11 N/A
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2013-1464 2 Doryphores, Wordpress 2 Audio Player, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
CVE-2012-4242 2 Mf Gig Calendar Project, Wordpress 2 Mf Gig Calendar, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
CVE-2012-3384 1 Wordpress 1 Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-3818 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.
CVE-2011-4803 2 Bravenewcode, Wordpress 2 Wptouch, Wordpress 2025-04-11 N/A
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-3479 2 Sharethis, Wordpress 2 Sharethis, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
CVE-2011-4926 2 Bueltge, Wordpress 2 Adminimize, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2012-4448 1 Wordpress 1 Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.
CVE-2012-6635 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.
CVE-2012-4033 2 Wordpress, Zingiri 2 Wordpress, Zingiri Web Shop 2025-04-11 N/A
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.
CVE-2010-4875 2 Wordpress, Xondie 2 Wordpress, Vodpod Video Gallery 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
CVE-2023-22622 1 Wordpress 1 Wordpress 2025-04-07 5.3 Medium
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.
CVE-2024-1279 2 Strangerstudios, Wordpress 2 Paid Memberships Pro, Paid Memberships Pro 2025-03-28 4.3 Medium
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
CVE-2023-39999 2 Fedoraproject, Wordpress 2 Fedora, Wordpress 2025-02-13 4.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.
CVE-2022-47161 1 Wordpress 1 Health Check \& Troubleshooting 2025-01-08 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.
CVE-2022-47174 1 Wordpress 1 Performance Lab 2025-01-08 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions.