CVE-2011-4899
- EPSS 8.98%
- Veröffentlicht 30.01.2012 17:55:00
- Zuletzt bearbeitet 16.06.2026 23:35:35
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbnam...
CVE-2012-0782
- EPSS 3.75%
- Veröffentlicht 30.01.2012 17:55:00
- Zuletzt bearbeitet 16.06.2026 23:38:15
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname p...
CVE-2012-0287
- EPSS 2.63%
- Veröffentlicht 06.01.2012 04:01:26
- Zuletzt bearbeitet 16.06.2026 23:37:02
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not prop...
- EPSS 2.27%
- Veröffentlicht 24.09.2011 00:55:03
- Zuletzt bearbeitet 16.06.2026 23:33:58
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.
- EPSS 2.44%
- Veröffentlicht 10.08.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:32:42
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."
- EPSS 2.21%
- Veröffentlicht 10.08.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:32:42
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.
CVE-2011-3127
- EPSS 1.53%
- Veröffentlicht 10.08.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:32:42
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web s...
- EPSS 2.45%
- Veröffentlicht 10.08.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:32:42
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.
CVE-2011-3129
- EPSS 2.02%
- Veröffentlicht 10.08.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:32:43
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
CVE-2011-3130
- EPSS 1.6%
- Veröffentlicht 10.08.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:32:43
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.