WordPress

378 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 3.88%
  • Published 03.01.2011 20:00:43
  • Last modified 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (...

  • EPSS 3.3%
  • Published 07.12.2010 13:53:29
  • Last modified 29.04.2026 01:13:23

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

  • EPSS 24.99%
  • Published 23.02.2010 20:30:00
  • Last modified 29.04.2026 01:13:23

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

  • EPSS 10.49%
  • Published 17.11.2009 18:30:00
  • Last modified 23.04.2026 00:35:47

Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated use...

  • EPSS 1.04%
  • Published 17.11.2009 18:30:00
  • Last modified 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).

Exploit
  • EPSS 8.28%
  • Published 23.10.2009 18:30:00
  • Last modified 23.04.2026 00:35:47

Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of m...

  • EPSS 2.99%
  • Published 18.08.2009 21:00:00
  • Last modified 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

Exploit
  • EPSS 1.2%
  • Published 18.08.2009 21:00:00
  • Last modified 23.04.2026 00:35:47

WordPress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php...

  • EPSS 1.91%
  • Published 18.08.2009 21:00:00
  • Last modified 23.04.2026 00:35:47

WordPress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php,...

Exploit
  • EPSS 74.13%
  • Published 13.08.2009 16:30:01
  • Last modified 23.04.2026 00:35:47

wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assum...