CVE-2011-5216
- EPSS 2.43%
- Veröffentlicht 25.10.2012 17:55:03
- Zuletzt bearbeitet 16.06.2026 23:36:09
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party info...
CVE-2012-4448
- EPSS 1.15%
- Veröffentlicht 28.09.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:07
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.
CVE-2010-5106
- EPSS 2.18%
- Veröffentlicht 14.09.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:26:09
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging th...
- EPSS 1.9%
- Veröffentlicht 14.09.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:44:59
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Con...
CVE-2012-4422
- EPSS 1.68%
- Veröffentlicht 14.09.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:44:59
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated user...
CVE-2012-4271
- EPSS 2.05%
- Veröffentlicht 13.08.2012 22:55:01
- Zuletzt bearbeitet 16.06.2026 23:44:45
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO,...
CVE-2012-3383
- EPSS 3.1%
- Veröffentlicht 22.07.2012 17:55:03
- Zuletzt bearbeitet 16.06.2026 23:43:06
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended acce...
CVE-2012-3384
- EPSS 1.24%
- Veröffentlicht 22.07.2012 17:55:03
- Zuletzt bearbeitet 16.06.2026 23:43:07
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- EPSS 1.9%
- Veröffentlicht 22.07.2012 17:55:03
- Zuletzt bearbeitet 16.06.2026 23:43:07
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
CVE-2011-4956
- EPSS 2.51%
- Veröffentlicht 27.06.2012 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:35:43
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.