WordPress is a freely distributed, open-source content management system.
Release cycle, vulnerability information
Release schedule
Count: 1,896
Vulnerability | CVSS | EPSS | Published | |
|---|---|---|---|---|
CVE-2012-4264 Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263. | CVSS2: 4.3 | 0% Low | about 13 years ago | |
CVE-2012-4263 Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. | CVSS2: 4.3 | 0% Low | about 13 years ago | |
CVE-2012-2371 Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter. | CVSS2: 4.3 | 4% Low | about 13 years ago | |
CVE-2012-3385 WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. | CVSS2: 5 | 1% Low | more than 13 years ago | |
CVE-2012-3384 Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | CVSS2: 6.8 | 0% Low | more than 13 years ago | |
CVE-2012-3383 The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. | CVSS2: 2.6 | 0% Low | more than 13 years ago | |