Wordpress

Wordpress

361 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.8

CVE-2011-3127

  • EPSS 0.26%
  • Veröffentlicht 10.08.2011 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web s...

5

CVE-2011-3128

  • EPSS 1.11%
  • Veröffentlicht 10.08.2011 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.

9.3

CVE-2011-3129

  • EPSS 0.61%
  • Veröffentlicht 10.08.2011 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.

7.5

CVE-2011-3130

  • EPSS 0.52%
  • Veröffentlicht 10.08.2011 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.

10

CVE-2011-3122

  • EPSS 1.24%
  • Veröffentlicht 10.08.2011 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."

3.5

CVE-2011-0700

  • EPSS 0.79%
  • Veröffentlicht 14.03.2011 19:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status...

4

CVE-2011-0701

  • EPSS 1.56%
  • Veröffentlicht 14.03.2011 19:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

4.3

CVE-2010-4536

  • EPSS 3.88%
  • Veröffentlicht 03.01.2011 20:00:43
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (...

6

CVE-2010-4257

  • EPSS 3.3%
  • Veröffentlicht 07.12.2010 13:53:29
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

4

CVE-2010-0682

  • EPSS 25.42%
  • Veröffentlicht 23.02.2010 20:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.