Логотип exploitDog
product: "wordpress"
Консоль
Логотип exploitDog

exploitDog

product: "wordpress"
WordPress

WordPressсвободно распространяемая система управления содержимым сайта с открытым исходным кодом.

Релизный цикл, информация об уязвимостях

Продукт: WordPress
Вендор: Wordpress

График релизов

6.46.56.66.76.86.920232024202520262027

Недавние уязвимости WordPress

Количество 1 906

nvd логотип

CVE-2012-6313

около 13 лет назад

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2012-6312

около 13 лет назад

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2012-5913

около 13 лет назад

Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2012-5856

около 13 лет назад

Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2011-5226

больше 13 лет назад

Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2011-5225

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2011-5224

больше 13 лет назад

SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2011-5216

больше 13 лет назад

SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2012-5388

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2012-5387

больше 13 лет назад

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

CVSS2: 6.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
nvd логотип
CVE-2012-6313

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.

CVSS2: 5
7%
Низкий
около 13 лет назад
nvd логотип
CVE-2012-6312

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

CVSS2: 4.3
1%
Низкий
около 13 лет назад
nvd логотип
CVE-2012-5913

Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

CVSS2: 4.3
1%
Низкий
около 13 лет назад
nvd логотип
CVE-2012-5856

Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
0%
Низкий
около 13 лет назад
nvd логотип
CVE-2011-5226

Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.

CVSS2: 6.8
0%
Низкий
больше 13 лет назад
nvd логотип
CVE-2011-5225

Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS2: 4.3
0%
Низкий
больше 13 лет назад
nvd логотип
CVE-2011-5224

SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS2: 7.5
1%
Низкий
больше 13 лет назад
nvd логотип
CVE-2011-5216

SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.

CVSS2: 7.5
1%
Низкий
больше 13 лет назад
nvd логотип
CVE-2012-5388

Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.

CVSS2: 3.5
0%
Низкий
больше 13 лет назад
nvd логотип
CVE-2012-5387

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

CVSS2: 6.8
2%
Низкий
больше 13 лет назад

Уязвимостей на страницу

Поделиться