| Bug | Description |
|---|
| TEMP-1022575-434581 | wordpress 6.0.3 |
| TEMP-1007145-ABA7D9 | wordpress 5.9.2 |
| TEMP-0783347-AEABE2 | Some plugins were vulnerable to an SQL injection vulnerability |
| TEMP-0783347-555527 | files with invalid or unsafe names could be uploaded |
| TEMP-0500295-A176F7 | possible script injection via /etc/wordpress/wp-config.php |
| TEMP-0407116-23D9EF | wordpress unregister_globals workaround from 2.0.7 |
| TEMP-0369014-6AE03E | 'Cache' shell injection vulnerability |
| TEMP-0000000-0CA7E3 | XSS in press-this of wordpress |
| CVE-2024-32111 | Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ... |
| CVE-2024-31211 | WordPress is an open publishing platform for the Web. Unserialization ... |
| CVE-2024-31210 | WordPress is an open publishing platform for the Web. It's possible fo ... |
| CVE-2023-39999 | Exposure of Sensitive Information to an Unauthorized Actor in WordPres ... |
| CVE-2023-38000 | Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ... |
| CVE-2023-22622 | WordPress through 6.1.1 depends on unpredictable client visits to caus ... |
| CVE-2023-5561 | WordPress does not properly restrict which user fields are searchable ... |
| CVE-2023-2745 | WordPress Core is vulnerable to Directory Traversal in versions up to, ... |
| CVE-2022-43504 | Improper authentication vulnerability in WordPress versions prior to 6 ... |
| CVE-2022-43500 | Cross-site scripting vulnerability in WordPress versions prior to 6.0. ... |
| CVE-2022-43497 | Cross-site scripting vulnerability in WordPress versions prior to 6.0. ... |
| CVE-2022-21664 | WordPress is a free and open-source content management system written ... |
| CVE-2022-21663 | WordPress is a free and open-source content management system written ... |
| CVE-2022-21662 | WordPress is a free and open-source content management system written ... |
| CVE-2022-21661 | WordPress is a free and open-source content management system written ... |
| CVE-2022-4973 | WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticate ... |
| CVE-2021-39203 | WordPress is a free and open-source content management system written ... |
| CVE-2021-39202 | WordPress is a free and open-source content management system written ... |
| CVE-2021-39201 | WordPress is a free and open-source content management system written ... |
| CVE-2021-39200 | WordPress is a free and open-source content management system written ... |
| CVE-2021-29476 | Requests is a HTTP library written in PHP. Requests mishandles deseria ... |
| CVE-2021-29450 | Wordpress is an open source CMS. One of the blocks in the WordPress ed ... |
| CVE-2021-29447 | Wordpress is an open source CMS. A user with the ability to upload fil ... |
| CVE-2020-28040 | WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ... |
| CVE-2020-28039 | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 al ... |
| CVE-2020-28038 | WordPress before 5.5.2 allows stored XSS via post slugs. |
| CVE-2020-28037 | is_blog_installed in wp-includes/functions.php in WordPress before 5.5 ... |
| CVE-2020-28036 | wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allow ... |
| CVE-2020-28035 | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC ... |
| CVE-2020-28034 | WordPress before 5.5.2 allows XSS associated with global variables. |
| CVE-2020-28033 | WordPress before 5.5.2 mishandles embeds from disabled sites on a mult ... |
| CVE-2020-28032 | WordPress before 5.5.2 mishandles deserialization requests in wp-inclu ... |
| CVE-2020-25286 | In wp-includes/comment-template.php in WordPress before 5.4.2, comment ... |
| CVE-2020-11030 | In affected versions of WordPress, a special payload can be crafted th ... |
| CVE-2020-11029 | In affected versions of WordPress, a vulnerability in the stats() meth ... |
| CVE-2020-11028 | In affected versions of WordPress, some private posts, which were prev ... |
| CVE-2020-11027 | In affected versions of WordPress, a password reset link emailed to a ... |
| CVE-2020-11026 | In affected versions of WordPress, files with a specially crafted name ... |
| CVE-2020-11025 | In affected versions of WordPress, a cross-site scripting (XSS) vulner ... |
| CVE-2020-4050 | In affected versions of WordPress, misuse of the `set-screen-option` f ... |
| CVE-2020-4049 | In affected versions of WordPress, when uploading themes, the name of ... |
| CVE-2020-4048 | In affected versions of WordPress, due to an issue in wp_validate_redi ... |
| CVE-2020-4047 | In affected versions of WordPress, authenticated users with upload per ... |
| CVE-2020-4046 | In affected versions of WordPress, users with low privileges (like con ... |
| CVE-2019-20043 | In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ... |
| CVE-2019-20042 | In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function ... |
| CVE-2019-20041 | wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 ... |
| CVE-2019-17675 | WordPress before 5.2.4 does not properly consider type confusion durin ... |
| CVE-2019-17674 | WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripti ... |
| CVE-2019-17673 | WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON ... |
| CVE-2019-17672 | WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject ... |
| CVE-2019-17671 | In WordPress before 5.2.4, unauthenticated viewing of certain content ... |
| CVE-2019-17670 | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ... |
| CVE-2019-17669 | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ... |
| CVE-2019-16781 | In WordPress before 5.3.1, authenticated users with lower privileges ( ... |
| CVE-2019-16780 | WordPress users with lower privileges (like contributors) can inject J ... |
| CVE-2019-16223 | WordPress before 5.2.3 allows XSS in post previews by authenticated us ... |
| CVE-2019-16222 | WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ... |
| CVE-2019-16221 | WordPress before 5.2.3 allows reflected XSS in the dashboard. |
| CVE-2019-16220 | In WordPress before 5.2.3, validation and sanitization of a URL in wp_ ... |
| CVE-2019-16219 | WordPress before 5.2.3 allows XSS in shortcode previews. |
| CVE-2019-16218 | WordPress before 5.2.3 allows XSS in stored comments. |
| CVE-2019-16217 | WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ... |
| CVE-2019-9787 | WordPress before 5.1.1 does not properly filter comment content, leadi ... |
| CVE-2019-8942 | WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code executi ... |
| CVE-2018-20153 | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could mod ... |
| CVE-2018-20152 | In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass i ... |
| CVE-2018-20151 | In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation pa ... |
| CVE-2018-20150 | In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could tri ... |
| CVE-2018-20149 | In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP S ... |
| CVE-2018-20148 | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could con ... |
| CVE-2018-20147 | In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify m ... |
| CVE-2018-12895 | WordPress through 4.9.6 allows Author users to execute arbitrary code ... |
| CVE-2018-10102 | Before WordPress 4.9.5, the version string was not escaped in the get_ ... |
| CVE-2018-10101 | Before WordPress 4.9.5, the URL validator assumed URLs with the hostna ... |
| CVE-2018-10100 | Before WordPress 4.9.5, the redirection URL for the login page was not ... |
| CVE-2018-5776 | WordPress before 4.9.2 has XSS in the Flash fallback files in MediaEle ... |
| CVE-2017-1001000 | The register_routes function in wp-includes/rest-api/endpoints/class-w ... |
| CVE-2017-1000600 | WordPress version <4.9 contains a CWE-20 Input Validation vulnerabilit ... |
| CVE-2017-17094 | wp-includes/feed.php in WordPress before 4.9.1 does not properly restr ... |
| CVE-2017-17093 | wp-includes/general-template.php in WordPress before 4.9.1 does not pr ... |
| CVE-2017-17092 | wp-includes/functions.php in WordPress before 4.9.1 does not require t ... |
| CVE-2017-17091 | wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser k ... |
| CVE-2017-16510 | WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() ... |
| CVE-2017-14990 | WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ... |
| CVE-2017-14726 | Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ... |
| CVE-2017-14725 | Before version 4.8.2, WordPress was susceptible to an open redirect at ... |
| CVE-2017-14724 | Before version 4.8.2, WordPress was vulnerable to cross-site scripting ... |
| CVE-2017-14723 | Before version 4.8.2, WordPress mishandled % characters and additional ... |
| CVE-2017-14722 | Before version 4.8.2, WordPress allowed a Directory Traversal attack i ... |
| CVE-2017-14721 | Before version 4.8.2, WordPress allowed Cross-Site scripting in the pl ... |
| CVE-2017-14720 | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ... |
| CVE-2017-14719 | Before version 4.8.2, WordPress was vulnerable to a directory traversa ... |
| CVE-2017-14718 | Before version 4.8.2, WordPress was susceptible to a Cross-Site Script ... |
| CVE-2017-9066 | In WordPress before 4.7.5, there is insufficient redirect validation i ... |
| CVE-2017-9065 | In WordPress before 4.7.5, there is a lack of capability checks for po ... |
| CVE-2017-9064 | In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnera ... |
| CVE-2017-9063 | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ... |
| CVE-2017-9062 | In WordPress before 4.7.5, there is improper handling of post meta dat ... |
| CVE-2017-9061 | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ... |
| CVE-2017-8295 | WordPress through 4.7.4 relies on the Host HTTP header for a password- ... |
| CVE-2017-6819 | In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ... |
| CVE-2017-6818 | In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-si ... |
| CVE-2017-6817 | In WordPress before 4.7.3 (wp-includes/embed.php), there is authentica ... |
| CVE-2017-6816 | In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ... |
| CVE-2017-6815 | In WordPress before 4.7.3 (wp-includes/pluggable.php), control charact ... |
| CVE-2017-6814 | In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ... |
| CVE-2017-5612 | Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp ... |
| CVE-2017-5611 | SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Qu ... |
| CVE-2017-5610 | wp-admin/includes/class-wp-press-this.php in Press This in WordPress b ... |
| CVE-2017-5493 | wp-includes/ms-functions.php in the Multisite WordPress API in WordPre ... |
| CVE-2017-5492 | Cross-site request forgery (CSRF) vulnerability in the widget-editing ... |
| CVE-2017-5491 | wp-mail.php in WordPress before 4.7.1 might allow remote attackers to ... |
| CVE-2017-5490 | Cross-site scripting (XSS) vulnerability in the theme-name fallback fu ... |
| CVE-2017-5489 | Cross-site request forgery (CSRF) vulnerability in WordPress before 4. ... |
| CVE-2017-5488 | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update ... |
| CVE-2017-5487 | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in t ... |
| CVE-2016-10148 | The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.p ... |
| CVE-2016-9263 | WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ... |
| CVE-2016-7169 | Directory traversal vulnerability in the File_Upload_Upgrader class in ... |
| CVE-2016-7168 | Cross-site scripting (XSS) vulnerability in the media_handle_upload fu ... |
| CVE-2016-6897 | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_ ... |
| CVE-2016-6896 | Directory traversal vulnerability in the wp_ajax_update_plugin functio ... |
| CVE-2016-6635 | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_comp ... |
| CVE-2016-6634 | Cross-site scripting (XSS) vulnerability in the network settings page ... |
| CVE-2016-5839 | WordPress before 4.5.3 allows remote attackers to bypass the sanitize_ ... |
| CVE-2016-5838 | WordPress before 4.5.3 allows remote attackers to bypass intended pass ... |
| CVE-2016-5837 | WordPress before 4.5.3 allows remote attackers to bypass intended acce ... |
| CVE-2016-5836 | The oEmbed protocol implementation in WordPress before 4.5.3 allows re ... |
| CVE-2016-5835 | WordPress before 4.5.3 allows remote attackers to obtain sensitive rev ... |
| CVE-2016-5834 | Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link ... |
| CVE-2016-5833 | Cross-site scripting (XSS) vulnerability in the column_title function ... |
| CVE-2016-5832 | The customizer in WordPress before 4.5.3 allows remote attackers to by ... |
| CVE-2016-4566 | Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plup ... |
| CVE-2016-4029 | WordPress before 4.5 does not consider octal and hexadecimal IP addres ... |
| CVE-2016-2222 | The wp_http_validate_url function in wp-includes/http.php in WordPress ... |
| CVE-2016-2221 | Open redirect vulnerability in the wp_validate_redirect function in wp ... |
| CVE-2016-1564 | Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/cla ... |
| CVE-2015-8834 | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in W ... |
| CVE-2015-7989 | Cross-site scripting (XSS) vulnerability in the user list table in Wor ... |
| CVE-2015-5734 | Cross-site scripting (XSS) vulnerability in the legacy theme preview i ... |
| CVE-2015-5733 | Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessi ... |
| CVE-2015-5732 | Cross-site scripting (XSS) vulnerability in the form function in the W ... |
| CVE-2015-5731 | Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php i ... |
| CVE-2015-5730 | The sanitize_widget_instance function in wp-includes/class-wp-customiz ... |
| CVE-2015-5715 | The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in ... |
| CVE-2015-5714 | Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 all ... |
| CVE-2015-5623 | WordPress before 4.2.3 does not properly verify the edit_posts capabil ... |
| CVE-2015-5622 | Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 all ... |
| CVE-2015-3440 | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in W ... |
| CVE-2015-3439 | Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiec ... |
| CVE-2015-3438 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ... |
| CVE-2015-3429 | Cross-site scripting (XSS) vulnerability in example.html in Genericons ... |
| CVE-2015-2213 | SQL injection vulnerability in the wp_untrash_post_comments function i ... |
| CVE-2014-9039 | wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x befo ... |
| CVE-2014-9038 | wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3. ... |
| CVE-2014-9037 | WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4. ... |
| CVE-2014-9036 | Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3. ... |
| CVE-2014-9035 | Cross-site scripting (XSS) vulnerability in Press This in WordPress be ... |
| CVE-2014-9034 | wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3 ... |
| CVE-2014-9033 | Cross-site request forgery (CSRF) vulnerability in wp-login.php in Wor ... |
| CVE-2014-9032 | Cross-site scripting (XSS) vulnerability in the media-playlists featur ... |
| CVE-2014-9031 | Cross-site scripting (XSS) vulnerability in the wptexturize function i ... |
| CVE-2014-6412 | WordPress before 4.4 makes it easier for remote attackers to predict p ... |
| CVE-2014-5266 | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ... |
| CVE-2014-5265 | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ... |
| CVE-2014-5240 | Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php ... |
| CVE-2014-5205 | wp-includes/pluggable.php in WordPress before 3.9.2 does not use delim ... |
| CVE-2014-5204 | wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CS ... |
| CVE-2014-5203 | wp-includes/class-wp-customize-widgets.php in the widget implementatio ... |
| CVE-2014-2053 | getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6. ... |
| CVE-2014-0166 | The wp_validate_auth_cookie function in wp-includes/pluggable.php in W ... |
| CVE-2014-0165 | WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authentica ... |
| CVE-2013-5739 | The default configuration of WordPress before 3.6.1 does not prevent u ... |
| CVE-2013-5738 | The get_allowed_mime_types function in wp-includes/functions.php in Wo ... |
| CVE-2013-4340 | wp-admin/includes/post.php in WordPress before 3.6.1 allows remote aut ... |
| CVE-2013-4339 | WordPress before 3.6.1 does not properly validate URLs before use in a ... |
| CVE-2013-4338 | wp-includes/functions.php in WordPress before 3.6.1 does not properly ... |
| CVE-2013-2205 | The default configuration of SWFUpload in WordPress before 3.5.2 has a ... |
| CVE-2013-2204 | moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media ... |
| CVE-2013-2203 | WordPress before 3.5.2, when the uploads directory forbids write acces ... |
| CVE-2013-2202 | WordPress before 3.5.2 allows remote attackers to read arbitrary files ... |
| CVE-2013-2201 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ... |
| CVE-2013-2200 | WordPress before 3.5.2 does not properly check the capabilities of rol ... |
| CVE-2013-2199 | The HTTP API in WordPress before 3.5.2 allows remote attackers to send ... |
| CVE-2013-2173 | wp-includes/class-phpass.php in WordPress 3.5.1, when a password-prote ... |
| CVE-2013-0237 | Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode p ... |
| CVE-2013-0236 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ... |
| CVE-2013-0235 | The XMLRPC API in WordPress before 3.5.1 allows remote attackers to se ... |
| CVE-2012-6635 | wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3. ... |
| CVE-2012-6634 | wp-admin/media-upload.php in WordPress before 3.3.3 allows remote atta ... |
| CVE-2012-6633 | Cross-site scripting (XSS) vulnerability in wp-includes/default-filter ... |
| CVE-2012-6112 | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellcheck ... |
| CVE-2012-4448 | Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php ... |
| CVE-2012-4422 | wp-admin/plugins.php in WordPress before 3.4.2, when the multisite fea ... |
| CVE-2012-4421 | The create_post function in wp-includes/class-wp-atom-server.php in Wo ... |
| CVE-2012-3414 | Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ... |
| CVE-2012-3385 | WordPress before 3.4.1 does not properly restrict access to post conte ... |
| CVE-2012-3384 | Cross-site request forgery (CSRF) vulnerability in the customizer in W ... |
| CVE-2012-3383 | The map_meta_cap function in wp-includes/capabilities.php in WordPress ... |
| CVE-2012-2404 | wp-comments-post.php in WordPress before 3.3.2 supports offsite redire ... |
| CVE-2012-2403 | wp-includes/formatting.php in WordPress before 3.3.2 attempts to enabl ... |
| CVE-2012-2402 | wp-admin/plugins.php in WordPress before 3.3.2 allows remote authentic ... |
| CVE-2012-2401 | Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPres ... |
| CVE-2012-2400 | Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ... |
| CVE-2012-2399 | Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload ... |
| CVE-2012-0287 | Cross-site scripting (XSS) vulnerability in wp-comments-post.php in Wo ... |
| CVE-2011-5270 | wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ... |
| CVE-2011-4957 | The make_clickable function in wp-includes/formatting.php in WordPress ... |
| CVE-2011-4956 | Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 all ... |
| CVE-2011-3130 | wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ... |
| CVE-2011-3129 | The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 be ... |
| CVE-2011-3128 | WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached att ... |
| CVE-2011-3127 | WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rend ... |
| CVE-2011-3126 | WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attacke ... |
| CVE-2011-3125 | Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ... |
| CVE-2011-3122 | Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ... |
| CVE-2011-1762 | A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'sc ... |
| CVE-2011-0701 | wp-admin/async-upload.php in the media uploader in WordPress before 3. ... |
| CVE-2011-0700 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ... |
| CVE-2010-5297 | WordPress before 3.0.1, when a Multisite installation is used, permane ... |
| CVE-2010-5296 | wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisi ... |
| CVE-2010-5295 | Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in Wo ... |
| CVE-2010-5294 | Multiple cross-site scripting (XSS) vulnerabilities in the request_fil ... |
| CVE-2010-5293 | wp-includes/comment.php in WordPress before 3.0.2 does not properly wh ... |
| CVE-2010-5106 | The XML-RPC remote publishing interface in xmlrpc.php in WordPress bef ... |
| CVE-2010-4536 | Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used i ... |
| CVE-2010-4257 | SQL injection vulnerability in the do_trackbacks function in wp-includ ... |
| CVE-2010-2230 | The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.1 ... |
| CVE-2010-1619 | Cross-site scripting (XSS) vulnerability in the fix_non_standard_entit ... |
| CVE-2010-0682 | WordPress 2.9 before 2.9.2 allows remote authenticated users to read t ... |
| CVE-2009-3891 | Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ... |
| CVE-2009-3890 | Unrestricted file upload vulnerability in the wp_check_filetype functi ... |
| CVE-2009-3622 | Algorithmic complexity vulnerability in wp-trackback.php in WordPress ... |
| CVE-2009-2854 | Wordpress before 2.8.3 does not check capabilities for certain actions ... |
| CVE-2009-2853 | Wordpress before 2.8.3 allows remote attackers to gain privileges via ... |
| CVE-2009-2851 | Cross-site scripting (XSS) vulnerability in the administrator interfac ... |
| CVE-2009-2762 | wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ... |
| CVE-2009-2432 | WordPress and WordPress MU before 2.8.1 allow remote attackers to obta ... |
| CVE-2009-2431 | WordPress 2.7.1 places the username of a post's author in an HTML comm ... |
| CVE-2009-2336 | The forgotten mail interface in WordPress and WordPress MU before 2.8. ... |
| CVE-2009-2335 | WordPress and WordPress MU before 2.8.1 exhibit different behavior for ... |
| CVE-2009-2334 | wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ... |
| CVE-2008-7220 | Unspecified vulnerability in Prototype JavaScript framework (prototype ... |
| CVE-2008-6767 | wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attac ... |
| CVE-2008-6762 | Open redirect vulnerability in wp-admin/upgrade.php in WordPress, prob ... |
| CVE-2008-5695 | wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ... |
| CVE-2008-5278 | Cross-site scripting (XSS) vulnerability in the self_link function in ... |
| CVE-2008-5113 | WordPress 2.6.3 relies on the REQUEST superglobal array in certain dan ... |
| CVE-2008-4796 | The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 a ... |
| CVE-2008-4769 | Directory traversal vulnerability in the get_category_template functio ... |
| CVE-2008-4671 | Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in W ... |
| CVE-2008-4106 | WordPress before 2.6.2 does not properly handle MySQL warnings about i ... |
| CVE-2008-3747 | The (1) get_edit_post_link and (2) get_edit_comment_link functions in ... |
| CVE-2008-3233 | Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ... |
| CVE-2008-2392 | Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ... |
| CVE-2008-2146 | wp-includes/vars.php in Wordpress before 2.2.3 does not properly extra ... |
| CVE-2008-2068 | Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remot ... |
| CVE-2008-1930 | The cookie authentication method in WordPress 2.5 relies on a hash of ... |
| CVE-2008-1502 | The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ... |
| CVE-2008-1304 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ... |
| CVE-2008-0664 | The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, whe ... |
| CVE-2008-0196 | Multiple directory traversal vulnerabilities in WordPress 2.0.11 and e ... |
| CVE-2008-0195 | WordPress 2.0.11 and earlier allows remote attackers to obtain sensiti ... |
| CVE-2008-0194 | Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0 ... |
| CVE-2008-0193 | Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPr ... |
| CVE-2008-0192 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ... |
| CVE-2007-6318 | SQL injection vulnerability in wp-includes/query.php in WordPress 2.3. ... |
| CVE-2007-6013 | Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash o ... |
| CVE-2007-5710 | Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.ph ... |
| CVE-2007-5106 | Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ... |
| CVE-2007-5105 | Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ... |
| CVE-2007-4894 | Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and W ... |
| CVE-2007-4893 | wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress m ... |
| CVE-2007-4483 | Cross-site scripting (XSS) vulnerability in index.php in the WordPress ... |
| CVE-2007-4165 | Cross-site scripting (XSS) vulnerability in index.php in the Blue Memo ... |
| CVE-2007-4154 | SQL injection vulnerability in options.php in WordPress 2.2.1 allows r ... |
| CVE-2007-4153 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ... |
| CVE-2007-3639 | WordPress before 2.2.2 allows remote attackers to redirect visitors to ... |
| CVE-2007-3544 | Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.p ... |
| CVE-2007-3543 | Unrestricted file upload vulnerability in WordPress before 2.2.1 and W ... |
| CVE-2007-3238 | Cross-site scripting (XSS) vulnerability in functions.php in the defau ... |
| CVE-2007-3215 | PHPMailer 1.7, when configured to use sendmail, allows remote attacker ... |
| CVE-2007-3140 | SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remo ... |
| CVE-2007-2821 | SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress be ... |
| CVE-2007-2714 | Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet bef ... |
| CVE-2007-2627 | Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ... |
| CVE-2007-2383 | The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ... |
| CVE-2007-1897 | SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ... |
| CVE-2007-1894 | Cross-site scripting (XSS) vulnerability in wp-includes/general-templa ... |
| CVE-2007-1893 | xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows r ... |
| CVE-2007-1732 | Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/a ... |
| CVE-2007-1622 | Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordP ... |
| CVE-2007-1599 | wp-login.php in WordPress allows remote attackers to redirect authenti ... |
| CVE-2007-1409 | WordPress allows remote attackers to obtain sensitive information via ... |
| CVE-2007-1277 | WordPress 2.1.1, as downloaded from some official distribution sites d ... |
| CVE-2007-1244 | Cross-site request forgery (CSRF) vulnerability in the AdminPanel in W ... |
| CVE-2007-1230 | Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/fun ... |
| CVE-2007-1049 | Cross-site scripting (XSS) vulnerability in the wp_explain_nonce funct ... |
| CVE-2007-0541 | WordPress allows remote attackers to determine the existence of arbitr ... |
| CVE-2007-0540 | WordPress allows remote attackers to cause a denial of service (bandwi ... |
| CVE-2007-0539 | The wp_remote_fopen function in WordPress before 2.1 allows remote att ... |
| CVE-2007-0262 | WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify t ... |
| CVE-2007-0233 | wp-trackback.php in WordPress 2.0.6 and earlier does not properly unse ... |
| CVE-2007-0109 | wp-login.php in WordPress 2.0.5 and earlier displays different error m ... |
| CVE-2007-0107 | WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alte ... |
| CVE-2007-0106 | Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ... |
| CVE-2006-6808 | Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ... |
| CVE-2006-6017 | WordPress before 2.0.5 does not properly store a profile containing a ... |
| CVE-2006-6016 | wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authent ... |
| CVE-2006-5705 | Multiple directory traversal vulnerabilities in plugins/wp-db-backup.p ... |
| CVE-2006-4743 | WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensit ... |
| CVE-2006-4208 | Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB- ... |
| CVE-2006-4028 | Multiple unspecified vulnerabilities in WordPress before 2.0.4 have un ... |
| CVE-2006-3390 | WordPress 2.0.3 allows remote attackers to obtain the installation pat ... |
| CVE-2006-3389 | index.php in WordPress 2.0.3 allows remote attackers to obtain sensiti ... |
| CVE-2006-2702 | vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ... |
| CVE-2006-2667 | Direct static code injection vulnerability in WordPress 2.0.2 and earl ... |
| CVE-2006-1796 | Cross-site scripting (XSS) vulnerability in the paging links functiona ... |
| CVE-2006-1263 | Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in W ... |
| CVE-2006-1012 | SQL injection vulnerability in WordPress 1.5.2, and possibly other ver ... |
| CVE-2006-0986 | WordPress 2.0.1 and earlier allows remote attackers to obtain sensitiv ... |
| CVE-2006-0985 | Multiple cross-site scripting (XSS) vulnerabilities in the "post comme ... |
| CVE-2005-4600 | Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Comp ... |
| CVE-2005-4463 | WordPress before 1.5.2 allows remote attackers to obtain sensitive inf ... |
| CVE-2005-3330 | The _httpsrequest function in Snoopy 1.2, as used in products such as ... |
| CVE-2005-2612 | Direct code injection vulnerability in WordPress 1.5.1.3 and earlier a ... |
| CVE-2005-2110 | WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensit ... |
| CVE-2005-2109 | wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ... |
| CVE-2005-2108 | SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ... |
| CVE-2005-2107 | Multiple cross-site scripting (XSS) vulnerabilities in post.php in Wor ... |
| CVE-2005-1810 | SQL injection vulnerability in template-functions-category.php in Word ... |
| CVE-2005-1688 | Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ... |
| CVE-2005-1687 | SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and e ... |
| CVE-2004-1584 | CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows r ... |
| CVE-2004-1559 | Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 a ... |
| CVE-2003-1598 | SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ... |