Total
578 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3858 | 2 Wordpress, Zespia | 2 Wordpress, Pixiv Custom | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3857 | 2 Antisocialmediallc, Wordpress | 2 Antisnews, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3856 | 2 Atastypixel, Wordpress | 2 Elegant Grunge, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3855 | 2 Graphpaperpress, Wordpress | 2 F8 Lite, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3854 | 2 Quirm, Wordpress | 2 Zenlite, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3853 | 2 Themehybrid, Wordpress | 2 Hybrid, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||||
| CVE-2011-3852 | 2 Theme4press, Wordpress | 2 Evolve, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3851 | 2 Devpress, Wordpress | 2 News, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||||
| CVE-2011-3850 | 2 Bytesforall, Wordpress | 2 Atahualpa, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2011-3818 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.0 MEDIUM | N/A |
| WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. | |||||
| CVE-2011-3130 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 7.5 HIGH | N/A |
| wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. | |||||
| CVE-2011-3129 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 9.3 HIGH | N/A |
| The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. | |||||
| CVE-2011-3128 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.0 MEDIUM | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php. | |||||
| CVE-2011-3127 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.8 MEDIUM | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2011-3126 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.0 MEDIUM | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects. | |||||
| CVE-2011-3125 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." | |||||
| CVE-2011-3122 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." | |||||
| CVE-2011-1762 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. | |||||
| CVE-2011-1669 | 2 Mikoviny, Wordpress | 2 Wp Custom Pages, Wordpress | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. | |||||
| CVE-2011-1047 | 2 Vasthtml, Wordpress | 2 Forum Server, Wordpress | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php. | |||||