- EPSS 2.57%
- Veröffentlicht 10.08.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:32:42
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."
CVE-2011-0700
- EPSS 2.67%
- Veröffentlicht 14.03.2011 19:55:00
- Zuletzt bearbeitet 16.06.2026 23:27:54
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status...
- EPSS 3.17%
- Veröffentlicht 14.03.2011 19:55:00
- Zuletzt bearbeitet 16.06.2026 23:27:54
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
CVE-2010-4536
- EPSS 3.45%
- Veröffentlicht 03.01.2011 20:00:43
- Zuletzt bearbeitet 16.06.2026 23:24:59
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (...
- EPSS 3.14%
- Veröffentlicht 07.12.2010 13:53:29
- Zuletzt bearbeitet 16.06.2026 23:24:27
SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.
- EPSS 9.86%
- Veröffentlicht 23.02.2010 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:38
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
- EPSS 8.43%
- Veröffentlicht 17.11.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:34
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated use...
CVE-2009-3891
- EPSS 2.1%
- Veröffentlicht 17.11.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:35
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).
CVE-2009-3622
- EPSS 5.83%
- Veröffentlicht 23.10.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:02
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of m...
CVE-2009-2851
- EPSS 7.91%
- Veröffentlicht 18.08.2009 21:00:00
- Zuletzt bearbeitet 16.06.2026 23:10:21
Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.