Wordpress

Wordpress

381 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.16%
  • Veröffentlicht 27.06.2012 21:55:02
  • Zuletzt bearbeitet 16.06.2026 23:35:43

The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted ...

Exploit
  • EPSS 2.88%
  • Veröffentlicht 03.05.2012 20:55:03
  • Zuletzt bearbeitet 16.06.2026 23:40:35

The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) at...

  • EPSS 8.68%
  • Veröffentlicht 21.04.2012 23:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:29

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML vi...

  • EPSS 3.06%
  • Veröffentlicht 21.04.2012 23:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:29

Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.

  • EPSS 5.32%
  • Veröffentlicht 21.04.2012 23:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:29

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy ...

  • EPSS 2.61%
  • Veröffentlicht 21.04.2012 23:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:29

wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.

  • EPSS 2.79%
  • Veröffentlicht 21.04.2012 23:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:29

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

  • EPSS 2.72%
  • Veröffentlicht 21.04.2012 23:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:30

wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Exploit
  • EPSS 8.07%
  • Veröffentlicht 30.01.2012 17:55:01
  • Zuletzt bearbeitet 16.06.2026 23:38:32

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attac...

Exploit
  • EPSS 9.55%
  • Veröffentlicht 30.01.2012 17:55:00
  • Zuletzt bearbeitet 16.06.2026 23:35:35

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote a...