Wordpress

Wordpress

361 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2012-6633

  • EPSS 0.39%
  • Veröffentlicht 21.01.2014 01:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.

6.4

CVE-2012-6634

  • EPSS 0.81%
  • Veröffentlicht 21.01.2014 01:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.

4

CVE-2012-6635

  • EPSS 0.69%
  • Veröffentlicht 21.01.2014 01:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.

5

CVE-2013-7240

Exploit
  • EPSS 73.63%
  • Veröffentlicht 03.01.2014 18:54:09
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.

6.8

CVE-2013-7233

  • EPSS 0.69%
  • Veröffentlicht 30.12.2013 04:53:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to th...

7.5

CVE-2013-4339

Exploit
  • EPSS 0.88%
  • Veröffentlicht 12.09.2013 13:30:13
  • Zuletzt bearbeitet 11.04.2025 00:51:21

WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.

3.5

CVE-2013-4340

Exploit
  • EPSS 0.98%
  • Veröffentlicht 12.09.2013 13:30:13
  • Zuletzt bearbeitet 11.04.2025 00:51:21

wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.

4.3

CVE-2013-5738

  • EPSS 0.72%
  • Veröffentlicht 12.09.2013 13:30:13
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross...

3.5

CVE-2013-5739

Exploit
  • EPSS 0.25%
  • Veröffentlicht 12.09.2013 13:30:13
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowe...

7.5

CVE-2013-4338

Exploit
  • EPSS 9.59%
  • Veröffentlicht 12.09.2013 13:28:37
  • Zuletzt bearbeitet 11.04.2025 00:51:21

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.