Wordpress

Wordpress

381 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.57%
  • Veröffentlicht 10.08.2011 20:55:01
  • Zuletzt bearbeitet 16.06.2026 23:32:42

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."

  • EPSS 2.67%
  • Veröffentlicht 14.03.2011 19:55:00
  • Zuletzt bearbeitet 16.06.2026 23:27:54

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status...

  • EPSS 3.17%
  • Veröffentlicht 14.03.2011 19:55:00
  • Zuletzt bearbeitet 16.06.2026 23:27:54

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

  • EPSS 3.45%
  • Veröffentlicht 03.01.2011 20:00:43
  • Zuletzt bearbeitet 16.06.2026 23:24:59

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (...

  • EPSS 3.14%
  • Veröffentlicht 07.12.2010 13:53:29
  • Zuletzt bearbeitet 16.06.2026 23:24:27

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

  • EPSS 9.86%
  • Veröffentlicht 23.02.2010 20:30:00
  • Zuletzt bearbeitet 16.06.2026 23:16:38

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

  • EPSS 8.43%
  • Veröffentlicht 17.11.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:34

Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated use...

  • EPSS 2.1%
  • Veröffentlicht 17.11.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:35

Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).

Exploit
  • EPSS 5.83%
  • Veröffentlicht 23.10.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:02

Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of m...

  • EPSS 7.91%
  • Veröffentlicht 18.08.2009 21:00:00
  • Zuletzt bearbeitet 16.06.2026 23:10:21

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.