Wordpress

Wordpress

381 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.66%
  • Veröffentlicht 20.03.2009 00:30:00
  • Zuletzt bearbeitet 16.06.2026 23:06:21

Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

Exploit
  • EPSS 12.01%
  • Veröffentlicht 19.12.2008 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:00:49

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrar...

Exploit
  • EPSS 3.23%
  • Veröffentlicht 28.11.2008 19:30:00
  • Zuletzt bearbeitet 16.06.2026 22:59:37

Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).

  • EPSS 1.33%
  • Veröffentlicht 17.11.2008 23:30:00
  • Zuletzt bearbeitet 16.06.2026 22:59:16

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by at...

  • EPSS 8.99%
  • Veröffentlicht 30.10.2008 20:56:54
  • Zuletzt bearbeitet 16.06.2026 22:58:33

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitra...

Exploit
  • EPSS 8.97%
  • Veröffentlicht 28.10.2008 10:30:01
  • Zuletzt bearbeitet 16.06.2026 22:58:30

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. ...

Exploit
  • EPSS 3.81%
  • Veröffentlicht 22.10.2008 10:30:01
  • Zuletzt bearbeitet 16.06.2026 22:58:16

Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.

  • EPSS 5.48%
  • Veröffentlicht 18.09.2008 17:59:33
  • Zuletzt bearbeitet 16.06.2026 22:57:11

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows rem...

  • EPSS 3.01%
  • Veröffentlicht 18.09.2008 17:59:33
  • Zuletzt bearbeitet 16.06.2026 22:57:11

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by ...

  • EPSS 2.55%
  • Veröffentlicht 27.08.2008 15:21:00
  • Zuletzt bearbeitet 16.06.2026 22:56:27

The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access ...