WordPress — свободно распространяемая система управления содержимым сайта с открытым исходным кодом.

Релизный цикл, информация об уязвимостях

Продукт: WordPress

Вендор: Wordpress

График релизов

Недавние уязвимости WordPress

Количество 1 896

CVE-2012-2401

больше 13 лет назад

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPres ...

CVSS2: 5

EPSS: Низкий

CVE-2012-2400

больше 13 лет назад

Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.

CVSS2: 10

EPSS: Низкий

CVE-2012-2400

больше 13 лет назад

Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...

CVSS2: 10

EPSS: Низкий

CVE-2012-2399

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

CVSS2: 10

EPSS: Низкий

CVE-2012-2399

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload ...

CVSS2: 10

EPSS: Низкий

CVE-2012-2400

больше 13 лет назад

Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.

CVSS2: 10

EPSS: Низкий

CVE-2012-2402

больше 13 лет назад

wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.

CVSS2: 5.5

EPSS: Низкий

CVE-2012-2404

больше 13 лет назад

wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVSS2: 4.3

EPSS: Низкий

CVE-2012-2401

больше 13 лет назад

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

CVSS2: 5

EPSS: Низкий

CVE-2012-2403

больше 13 лет назад

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2012-2401 Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPres ...	CVSS2: 5	1% Низкий	больше 13 лет назад
CVE-2012-2400 Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.	CVSS2: 10	2% Низкий	больше 13 лет назад
CVE-2012-2400 Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...	CVSS2: 10	2% Низкий	больше 13 лет назад
CVE-2012-2399 Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.	CVSS2: 10	6% Низкий	больше 13 лет назад
CVE-2012-2399 Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload ...	CVSS2: 10	6% Низкий	больше 13 лет назад
CVE-2012-2400 Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.	CVSS2: 10	2% Низкий	больше 13 лет назад
CVE-2012-2402 wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.	CVSS2: 5.5	1% Низкий	больше 13 лет назад
CVE-2012-2404 wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.	CVSS2: 4.3	2% Низкий	больше 13 лет назад
CVE-2012-2401 Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.	CVSS2: 5	1% Низкий	больше 13 лет назад
CVE-2012-2403 wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.	CVSS2: 4.3	3% Низкий	больше 13 лет назад

Уязвимостей на страницу