Логотип exploitDog
product: "wordpress"
Консоль
Логотип exploitDog

exploitDog

product: "wordpress"
WordPress

WordPressсвободно распространяемая система управления содержимым сайта с открытым исходным кодом.

Релизный цикл, информация об уязвимостях

Продукт: WordPress
Вендор: Wordpress

График релизов

6.36.46.56.66.76.82023202420252026

Недавние уязвимости WordPress

Количество 1 894

github логотип

GHSA-6887-f7jr-vhc9

около 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter.

EPSS: Низкий
github логотип

GHSA-876x-3ww3-wx43

около 3 лет назад

Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.

EPSS: Низкий
github логотип

GHSA-g7g5-m39g-mq22

около 3 лет назад

Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

EPSS: Низкий
github логотип

GHSA-q6m6-4hf5-r4m3

около 3 лет назад

Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.

EPSS: Низкий
github логотип

GHSA-vfm4-3xm4-c9rr

около 3 лет назад

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

EPSS: Низкий
github логотип

GHSA-543p-gmpw-vvc3

около 3 лет назад

wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.

EPSS: Низкий
github логотип

GHSA-vc63-3jgp-qx5q

около 3 лет назад

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.

EPSS: Низкий
github логотип

GHSA-f5gx-hrrr-h7q3

около 3 лет назад

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.

EPSS: Низкий
github логотип

GHSA-hvvp-q39h-2h56

около 3 лет назад

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."

EPSS: Низкий
github логотип

GHSA-q5jq-vm24-cm2f

около 3 лет назад

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
github логотип
GHSA-6887-f7jr-vhc9

Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter.

0%
Низкий
около 3 лет назад
github логотип
GHSA-876x-3ww3-wx43

Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.

1%
Низкий
около 3 лет назад
github логотип
GHSA-g7g5-m39g-mq22

Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

0%
Низкий
около 3 лет назад
github логотип
GHSA-q6m6-4hf5-r4m3

Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.

4%
Низкий
около 3 лет назад
github логотип
GHSA-vfm4-3xm4-c9rr

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

0%
Низкий
около 3 лет назад
github логотип
GHSA-543p-gmpw-vvc3

wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.

0%
Низкий
около 3 лет назад
github логотип
GHSA-vc63-3jgp-qx5q

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.

1%
Низкий
около 3 лет назад
github логотип
GHSA-f5gx-hrrr-h7q3

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.

1%
Низкий
около 3 лет назад
github логотип
GHSA-hvvp-q39h-2h56

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."

1%
Низкий
около 3 лет назад
github логотип
GHSA-q5jq-vm24-cm2f

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."

1%
Низкий
около 3 лет назад

Уязвимостей на страницу


Поделиться