Vulnerabilities (CVE)

Filtered by vendor Wordpress Subscribe
Total 620 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3858 2 Wordpress, Zespia 2 Wordpress, Pixiv Custom 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3865 2 Ulyssesonline, Wordpress 2 Black-letterhead, Wordpress 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3859 2 Themehybrid, Wordpress 2 Trending, Wordpress 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3854 2 Quirm, Wordpress 2 Zenlite, Wordpress 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3863 2 Post-scriptum, Wordpress 2 Redline, Wordpress 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3862 2 Adazing, Wordpress 2 Morning Coffee, Wordpress 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3856 2 Atastypixel, Wordpress 2 Elegant Grunge, Wordpress 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3850 2 Bytesforall, Wordpress 2 Atahualpa, Wordpress 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3851 2 Devpress, Wordpress 2 News, Wordpress 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3864 2 Somadesign, Wordpress 2 The Erudite, Wordpress 2024-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2007-6013 2 Fedoraproject, Wordpress 2 Fedora, Wordpress 2024-02-09 6.8 MEDIUM 9.8 CRITICAL
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
CVE-2016-4029 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-02-08 5.0 MEDIUM 8.6 HIGH
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
CVE-2005-1688 1 Wordpress 1 Wordpress 2023-12-28 5.0 MEDIUM N/A
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
CVE-2012-6527 2 Joedolson, Wordpress 2 My Calendar, Wordpress 2023-12-26 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2023-38000 1 Wordpress 2 Gutenberg, Wordpress 2023-12-10 N/A 5.4 MEDIUM
Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.
CVE-2023-5561 1 Wordpress 1 Wordpress 2023-12-10 N/A 5.3 MEDIUM
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack
CVE-2023-2745 1 Wordpress 1 Wordpress 2023-12-10 N/A 5.4 MEDIUM
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
CVE-2022-47174 1 Wordpress 1 Performance Lab 2023-12-10 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions.
CVE-2022-47161 1 Wordpress 1 Health Check \& Troubleshooting 2023-12-10 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.
CVE-2022-3590 1 Wordpress 1 Wordpress 2023-12-10 N/A 5.9 MEDIUM
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.