Wordpress

Wordpress

360 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2012-3384

  • EPSS 0.18%
  • Published 22.07.2012 17:55:03
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

5

CVE-2012-3385

  • EPSS 0.67%
  • Published 22.07.2012 17:55:03
  • Last modified 11.04.2025 00:51:21

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.

4.3

CVE-2011-4956

  • EPSS 0.8%
  • Published 27.06.2012 21:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5

CVE-2011-4957

  • EPSS 2.06%
  • Published 27.06.2012 21:55:02
  • Last modified 11.04.2025 00:51:21

The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted ...

6.8

CVE-2012-1936

Exploit
  • EPSS 0.58%
  • Published 03.05.2012 20:55:03
  • Last modified 11.04.2025 00:51:21

The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) at...

10

CVE-2012-2399

  • EPSS 6.06%
  • Published 21.04.2012 23:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML vi...

10

CVE-2012-2400

  • EPSS 1.74%
  • Published 21.04.2012 23:55:01
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.

5

CVE-2012-2401

  • EPSS 1.04%
  • Published 21.04.2012 23:55:01
  • Last modified 11.04.2025 00:51:21

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy ...

5.5

CVE-2012-2402

  • EPSS 0.93%
  • Published 21.04.2012 23:55:01
  • Last modified 11.04.2025 00:51:21

wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.

4.3

CVE-2012-2403

  • EPSS 3.13%
  • Published 21.04.2012 23:55:01
  • Last modified 11.04.2025 00:51:21

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.