Total
578 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4327 | 2 Wordpress, Wpslideshow | 2 Wordpress, Image News Slider | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified impact and remote attack vectors. | |||||
| CVE-2012-4283 | 2 Netweblogic, Wordpress | 2 Login With Ajax, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | |||||
| CVE-2012-4273 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. | |||||
| CVE-2012-4272 | 2 Ppfeufer, Wordpress | 2 2-click-social-media-buttons, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest". | |||||
| CVE-2012-4271 | 2 Mark Jaquith, Wordpress | 2 Bad Behavior, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter. | |||||
| CVE-2012-4268 | 2 Ait-pro, Wordpress | 2 Bulletproof-security, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header. | |||||
| CVE-2012-4264 | 2 Bit51, Wordpress | 2 Better-wp-security, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263. | |||||
| CVE-2012-4263 | 2 Bit51, Wordpress | 2 Better-wp-security, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. | |||||
| CVE-2012-4242 | 2 Mf Gig Calendar Project, Wordpress | 2 Mf Gig Calendar, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. | |||||
| CVE-2012-4033 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2024-11-21 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. | |||||
| CVE-2012-3814 | 2 Pippin Williamson, Wordpress | 2 Font Uploader, Wordpress | 2024-11-21 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts. | |||||
| CVE-2012-3588 | 1 Wordpress | 2 Plugin Newsletter Plugin, Wordpress | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter. | |||||
| CVE-2012-3578 | 1 Wordpress | 2 Fcchat Widget, Wordpress | 2024-11-21 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images. | |||||
| CVE-2012-3577 | 2 Nmedia, Wordpress | 2 Member Conversation, Wordpress | 2024-11-21 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads. | |||||
| CVE-2012-3576 | 2 Jquindlen, Wordpress | 2 Wpstorecart, Wordpress | 2024-11-21 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. | |||||
| CVE-2012-3575 | 2 Rbx Gallery, Wordpress | 2 Rbx Gallery, Wordpress | 2024-11-21 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. | |||||
| CVE-2012-3574 | 2 Tbelmans, Wordpress | 2 Mm Forms Community, Wordpress | 2024-11-21 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp. | |||||
| CVE-2012-3434 | 2 Tom Braider, Wordpress | 2 Count Per Day, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter. | |||||
| CVE-2012-3414 | 3 Swfupload Project, Tinymce, Wordpress | 3 Swfupload, Image Manager, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function. | |||||
| CVE-2012-3385 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.0 MEDIUM | N/A |
| WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. | |||||