Wordpress

Wordpress

381 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.57%
  • Veröffentlicht 15.05.2025 20:15:59
  • Zuletzt bearbeitet 28.05.2025 15:42:01

The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

  • EPSS 0.42%
  • Veröffentlicht 13.03.2025 02:15:13
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and la...

  • EPSS 0.5%
  • Veröffentlicht 24.01.2025 18:15:35
  • Zuletzt bearbeitet 23.04.2026 15:25:04

Missing Authorization vulnerability in patreon Patreon WordPress patreon-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Patreon WordPress: from n/a through <= 1.9.1.

  • EPSS 0.49%
  • Veröffentlicht 23.11.2024 10:15:03
  • Zuletzt bearbeitet 12.07.2025 00:29:04

The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This m...

  • EPSS 0.46%
  • Veröffentlicht 16.10.2024 07:15:12
  • Zuletzt bearbeitet 30.10.2024 15:58:30

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it...

  • EPSS 0.38%
  • Veröffentlicht 09.07.2024 11:15:14
  • Zuletzt bearbeitet 23.04.2026 15:18:37

Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect.This issue affects Patreon WordPress: from n/a through <= 1.9.0.

  • EPSS 0.43%
  • Veröffentlicht 25.06.2024 14:15:11
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, ...

  • EPSS 0.32%
  • Veröffentlicht 25.06.2024 13:15:49
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, ...

  • EPSS 0.47%
  • Veröffentlicht 25.06.2024 11:15:50
  • Zuletzt bearbeitet 15.04.2026 00:35:42

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-l...

Exploit
  • EPSS 70.82%
  • Veröffentlicht 03.05.2024 06:15:14
  • Zuletzt bearbeitet 05.01.2026 15:35:42

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with c...