Wordpress

Wordpress

360 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2012-2404

  • EPSS 2.33%
  • Published 21.04.2012 23:55:01
  • Last modified 11.04.2025 00:51:21

wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

5

CVE-2012-0937

Exploit
  • EPSS 7.6%
  • Published 30.01.2012 17:55:01
  • Last modified 11.04.2025 00:51:21

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attac...

5

CVE-2011-4898

Exploit
  • EPSS 9.3%
  • Published 30.01.2012 17:55:00
  • Last modified 11.04.2025 00:51:21

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote a...

7.5

CVE-2011-4899

Exploit
  • EPSS 5.98%
  • Published 30.01.2012 17:55:00
  • Last modified 11.04.2025 00:51:21

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbnam...

4.3

CVE-2012-0782

Exploit
  • EPSS 1.39%
  • Published 30.01.2012 17:55:00
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname p...

2.6

CVE-2012-0287

Exploit
  • EPSS 0.6%
  • Published 06.01.2012 04:01:26
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not prop...

5

CVE-2011-3818

  • EPSS 0.51%
  • Published 24.09.2011 00:55:03
  • Last modified 11.04.2025 00:51:21

WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.

10

CVE-2011-3125

  • EPSS 1.13%
  • Published 10.08.2011 21:55:02
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."

5

CVE-2011-3126

  • EPSS 0.97%
  • Published 10.08.2011 21:55:02
  • Last modified 11.04.2025 00:51:21

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.

5.8

CVE-2011-3127

  • EPSS 0.26%
  • Published 10.08.2011 21:55:02
  • Last modified 11.04.2025 00:51:21

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web s...