CVE-2014-9033
- EPSS 0.8%
- Published 25.11.2014 23:59:03
- Last modified 12.04.2025 10:46:40
Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.
CVE-2014-9032
- EPSS 0.42%
- Published 25.11.2014 23:59:02
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9031
- EPSS 0.49%
- Published 25.11.2014 23:59:01
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text ...
CVE-2003-1599
- EPSS 0.91%
- Published 27.10.2014 20:55:07
- Last modified 12.04.2025 10:46:40
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
CVE-2003-1598
- EPSS 1.08%
- Published 01.10.2014 14:55:08
- Last modified 12.04.2025 10:46:40
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
CVE-2014-5240
- EPSS 0.63%
- Published 18.08.2014 11:15:27
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a cr...
- EPSS 7.02%
- Published 18.08.2014 11:15:27
- Last modified 12.04.2025 10:46:40
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of...
- EPSS 76.31%
- Published 18.08.2014 11:15:27
- Last modified 12.04.2025 10:46:40
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption...
CVE-2014-5203
- EPSS 6.44%
- Published 18.08.2014 11:15:26
- Last modified 12.04.2025 10:46:40
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
CVE-2014-5204
- EPSS 0.23%
- Published 18.08.2014 11:15:26
- Last modified 12.04.2025 10:46:40
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a b...