WordPress

360 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

  • EPSS 1.11%
  • Published 10.08.2011 21:55:02
  • Last modified 11.04.2025 00:51:21

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.

  • EPSS 0.61%
  • Published 10.08.2011 21:55:02
  • Last modified 11.04.2025 00:51:21

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.

  • EPSS 0.52%
  • Published 10.08.2011 21:55:02
  • Last modified 11.04.2025 00:51:21

wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.

  • EPSS 1.24%
  • Published 10.08.2011 20:55:01
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."

  • EPSS 0.79%
  • Published 14.03.2011 19:55:00
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status...

  • EPSS 1.56%
  • Published 14.03.2011 19:55:00
  • Last modified 11.04.2025 00:51:21

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

  • EPSS 3.88%
  • Published 03.01.2011 20:00:43
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (...

  • EPSS 3.3%
  • Published 07.12.2010 13:53:29
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

  • EPSS 25.42%
  • Published 23.02.2010 20:30:00
  • Last modified 11.04.2025 00:51:21

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

  • EPSS 10.49%
  • Published 17.11.2009 18:30:00
  • Last modified 09.04.2025 00:30:58

Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated use...