Wordpress

Wordpress

363 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2013-0235

Exploit
  • EPSS 65.28%
  • Veröffentlicht 08.07.2013 20:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.

4.3

CVE-2013-0236

Exploit
  • EPSS 0.42%
  • Veröffentlicht 08.07.2013 20:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.

4.3

CVE-2013-0237

Exploit
  • EPSS 0.43%
  • Veröffentlicht 08.07.2013 20:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3

CVE-2013-2173

Exploit
  • EPSS 1.68%
  • Veröffentlicht 21.06.2013 13:57:25
  • Zuletzt bearbeitet 11.04.2025 00:51:21

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

2.6

CVE-2012-6527

Exploit
  • EPSS 0.36%
  • Veröffentlicht 31.01.2013 05:44:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

2.6

CVE-2012-5868

  • EPSS 0.65%
  • Veröffentlicht 27.12.2012 11:47:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

7.5

CVE-2011-5216

Exploit
  • EPSS 0.48%
  • Veröffentlicht 25.10.2012 17:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party info...

6.8

CVE-2012-4448

Exploit
  • EPSS 0.15%
  • Veröffentlicht 28.09.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.

6.5

CVE-2010-5106

Exploit
  • EPSS 0.3%
  • Veröffentlicht 14.09.2012 19:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging th...

4

CVE-2012-4421

Exploit
  • EPSS 0.2%
  • Veröffentlicht 14.09.2012 19:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Con...