CVE-2010-5293
- EPSS 2.53%
- Veröffentlicht 21.01.2014 01:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a sub...
CVE-2010-5294
- EPSS 1.4%
- Veröffentlicht 21.01.2014 01:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error messag...
CVE-2010-5295
- EPSS 1.82%
- Veröffentlicht 21.01.2014 01:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.
CVE-2010-5296
- EPSS 1.69%
- Veröffentlicht 21.01.2014 01:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrict...
CVE-2010-5297
- EPSS 2.21%
- Veröffentlicht 21.01.2014 01:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunis...
- EPSS 1.78%
- Veröffentlicht 21.01.2014 01:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
CVE-2012-6633
- EPSS 2.12%
- Veröffentlicht 21.01.2014 01:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.
CVE-2012-6634
- EPSS 2.5%
- Veröffentlicht 21.01.2014 01:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.
- EPSS 2.12%
- Veröffentlicht 21.01.2014 01:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.
- EPSS 19.64%
- Veröffentlicht 03.01.2014 18:54:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.