Wordpress

Wordpress

381 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.84%
  • Veröffentlicht 30.12.2013 04:53:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to th...

Exploit
  • EPSS 7.49%
  • Veröffentlicht 12.09.2013 13:30:13
  • Zuletzt bearbeitet 29.04.2026 01:13:23

WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.

Exploit
  • EPSS 2.63%
  • Veröffentlicht 12.09.2013 13:30:13
  • Zuletzt bearbeitet 29.04.2026 01:13:23

wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.

  • EPSS 2.36%
  • Veröffentlicht 12.09.2013 13:30:13
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross...

Exploit
  • EPSS 1.76%
  • Veröffentlicht 12.09.2013 13:30:13
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowe...

Exploit
  • EPSS 8.75%
  • Veröffentlicht 12.09.2013 13:28:37
  • Zuletzt bearbeitet 29.04.2026 01:13:23

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.

Exploit
  • EPSS 9.09%
  • Veröffentlicht 19.07.2013 14:36:31
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movie...

  • EPSS 2.04%
  • Veröffentlicht 08.07.2013 20:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.

  • EPSS 1.77%
  • Veröffentlicht 08.07.2013 20:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.

  • EPSS 2.11%
  • Veröffentlicht 08.07.2013 20:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4)...