Documentation: Home / WordPress
This information is sourced from wpvulnerabilities.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
WordPress, a popular website building platform, has a security flaw that allows attackers to inject harmful code into web pages. This can happen when someone with certain access levels tries to use a...
WordPress Core, a popular website platform, has a security issue called Directory Traversal. This affects versions up to 6.5.5 and can be exploited through the Template Part block. This means that pe...
WordPress Core is susceptible to a security issue called Stored Cross-Site Scripting. This can happen in different versions up to 6.5.5 because the input and output of URLs are not properly checked f...
WordPress Core has a security issue that allows hackers to remotely execute code using a PHP gadget. This can happen in versions 6.4.0 and 6.4.1 because of a specific method called "__destruct" in th...
WordPress Core has a security issue where user display names can be used to inject harmful scripts into pages. This can be done by both authenticated attackers with certain levels of access and unaut...
WordPress Core, a popular website building platform, has a security flaw that can put sensitive information at risk. This flaw affects versions up to 6.4.3 and is caused by the redirect_guess_404_per...
WordPress Core, the software used to build websites, was vulnerable to a type of attack called a Denial of Service from Cache Poisoning in versions between 4.7.0 and 6.3.1. When a request was sent to ...
WordPress has identified a security vulnerability in versions 5.9 to 6.3.1 that allows malicious attackers with contributor-level privileges or higher to inject malicious scripts into pages that will...
WordPress Core, the software used to create and manage websites, is vulnerable to a type of attack called Reflected Cross-Site Scripting. This vulnerability exists in versions 5.6 to 6.3.1 and is cau...
WordPress Core, a popular website building platform, has a security vulnerability in versions 6.3 and 6.3.1. This means that malicious attackers with certain permissions can add code to webpages that...
WordPress Core is vulnerable to leaking sensitive information in versions up to 6.3.1. If someone has contributor-level access or higher, they can view comments on posts that should be protected.
WordPress Core, up to version 6.3.1, has a security vulnerability that allows attackers with subscriber-level or higher privileges to execute any type of code. This vulnerability is due to a lack of ...
WordPress Core, the software used to create websites, has a weakness in versions 4.7.0 to 6.3.1 which can expose sensitive information. If someone searches for a user, the search results may include ...
WordPress versions up to and including 6.2.1 have a security vulnerability in the way it processes shortcodes in user-generated content in block themes. This could give malicious actors the ability t...
WordPress Core, a content management system, is vulnerable to a type of attack known as cross-site scripting. This means that attackers with certain permissions could inject malicious code into pages...
WordPress Core, up to and including version 6.2, has a security vulnerability that could be exploited by unauthenticated attackers. This vulnerability allows them to access and load any translation f...
WordPress Core, the software powering many websites, includes a feature called "shortcodes". In versions up to, and including, 6.2, shortcodes can be used in user-generated content on "block themes"....
WordPress Core is a type of software that was not properly made secure in versions up to 6.2. This flaw means that people with certain levels of access, such as contributors and above, could add any ...
Cross-site scripting (XSS) is a security vulnerability that affects WordPress versions before 4.5.3. An attacker can use a crafted attachment name in the column_title function in the wp-admin/includes...
WordPress Core versions up to and including 6.2 have a security vulnerability that allows unauthenticated users to update the thumbnail image associated with existing attachments. This is accomplishe...
Before version 4.8.2
WordPress Core, the software used to run websites, is vulnerable to SQL Injection in versions up to 6.0.3. This means that an attacker can use a plugin or theme installed on a website to get access t...
WordPress
WordPress versions before 3.4.1 had a security vulnerability that allowed people who were not authorized to view certain posts to see them anyway. These posts may have contained sensitive information
Before version 4.9.5 of WordPress
Attackers could use a weakness in the WordPress 1.5 and earlier software to gain access to the website and execute commands that could potentially damage the website. This weakness is found in the wp-...
A security issue has been found in WordPress versions 1.5.1.3 and earlier. This issue allows people from outside to gain access to a WordPress website and execute harmful code. The vulnerability is re...
A security vulnerability in a certain version of WordPress (before 2.8.6) allowed people with specific access permissions to upload a file with multiple extensions (like .php.jpg) that could be access...
WordPress Core, the underlying software of the popular website building platform, contains a vulnerability that could allow malicious web scripts to be executed when someone views a comment. The vuln...
Hackers have found a way to take control of a website's administrator account in versions of WordPress 2.0.11 and earlier. This would allow them to move comments to the moderation list without the adm...
If someone has the version of WordPress before 5.5.2
There is a security flaw in WordPress 2.2.1 that allows people with administrator accounts to send commands to certain pages
In WordPress versions before 4.7.5
WordPress
The versions of WordPress from 2.0.2 to 2.0.5 have a security vulnerability that could allow attackers to discover the location of the website. This could be done by requesting certain files such as 4...
Prior to version 2.0.6 of WordPress
Cross-site scripting (XSS) is a vulnerability that affects WordPress when custom 404 pages that call get_sidebar are used. This vulnerability allows attackers to inject malicious web scripts or HTML i...
If you have a WordPress website running version 5.5.2 or earlier
WordPress
WordPress 1.5.1.2 and earlier versions have a security flaw which allows attackers to access and modify the contents of an email sent to someone who has forgotten their password. The attackers can do ...
Cross-site scripting (XSS) is a type of security vulnerability that allows malicious attackers to inject code
Cross-site scripting (XSS) is a vulnerability found in WordPress before version 4.7.1. It allows malicious attackers to inject malicious code such as web scripts or HTML into websites through a crafte...
In WordPress versions before 4.7.5
WordPress versions 3.1 before 3.1.3 and 3.2 before Beta 2 are not secure enough to protect against clickjacking attacks
WordPress Core, the software that powers millions of websites, is vulnerable to a type of cyber attack known as Information Disclosure. This type of attack can lead to attackers accessing the email a...
PHP 5.2.6 includes two functions
WordPress versions 3.1 before 3.1.3 and 3.2 before Beta 2 have a security vulnerability that could allow hackers to access sensitive data. This vulnerability is related to the file "wp-includes/post....
A security vulnerability was discovered in the WordPress 1.2 web application that allowed remote attackers to manipulate the HTML content from the server. This was possible by exploiting a flaw in the...
In WordPress versions before 4.9.9 and 5.x before 5.0.1
WordPress versions before 5.2.4 are at risk for having malicious JavaScript inserted into them
WordPress
Before version 4.5 of WordPress
WordPress Core
WordPress versions 2.0.9 and earlier have security flaws that allow hackers to insert malicious code into websites. This malicious code can be inserted by exploiting the "popuptitle parameter" on th...
WordPress versions 1.5 through 2.3.1 use a method to store passwords that makes it possible for attackers to get around the authentication process. This is done by taking the MD5 hash of a password fr...
A security flaw in WordPress before version 4.4.2 allowed attackers to redirect users to malicious websites. This was done by sending a malformed URL that tricked the WordPress software into sending t...
WordPress 1.2 has multiple security issues that allow hackers to remotely add unauthorized web script and HTML to certain features. These features include wp-login.php
A type of attack called cross-site request forgery (CSRF) was discovered in versions of WordPress before 4.7.1. This type of attack allowed remote attackers to gain control of another person's account...
WordPress is a website platform software that had a vulnerability before version 2.6.5. This vulnerability could allow a remote attacker to inject malicious code
WordPress
WordPress versions up to and including 4.8.2 use an insecure password hashing algorithm. This means that if an attacker can get access to the hash values, they can easily figure out what the plain te...
Cross-site scripting (XSS) is a type of vulnerability that allows remote attackers to inject malicious code (such as web script or HTML) into websites or web applications. This vulnerability was ident...
In WordPress before version 4.9.1
Cross-site scripting (XSS) is a type of computer security vulnerability that allows malicious attackers to inject code (such as web scripts or HTML) into the Plupload.as feature of Moxiecode plupload
WordPress Core, the software that runs the website, has a security vulnerability. This means that it is possible for an unauthenticated user to perform certain actions on the website under the identi...
In WordPress versions before 4.6
Hackers can exploit weaknesses in WordPress versions 2.0.1 and earlier to insert malicious code into the "post comment" feature. This code could then be seen by other users when they view the commen...
In WordPress 2.8.3 and earlier
A security issue has been identified in WordPress 0.70 which allows attackers to remotely execute malicious code when a specific file is accessed. This malicious code can be used to access sensitive i...
WordPress 2.7.1 has a security issue that allows people who read the HTML source code of a post to find out the username of the author. This could potentially lead to the author's information being ac...
WordPress versions before 3.6.1 have a security issue which could allow remote attackers to run code on your website. This issue is related to how WordPress checks if data has been modified or not. If...
A vulnerability in WordPress
WordPress versions before 3.5.2 have a security issue which allows people with access to the website
WordPress
WordPress versions before 5.2.4 have a security problem due to the way Windows paths are handled when certain types of URLs are validated. This vulnerability is called a Server Side Request Forgery (S...
In WordPress versions before 4.7.5
Before version 4.8.2
Before WordPress version 4.9.5
Hackers can use a security flaw in WordPress versions before 2.8.2 to insert malicious code into the administrator interface of a website. This malicious code could be used to take control of the webs...
Before version 3.5.2 of WordPress
A security issue in WordPress versions before 3.1.1 could allow a malicious party to cause a crash by including a crafted URL in a comment. A function in WordPress (make_clickable) did not properly ch...
WordPress
WordPress 2.0.2 and earlier versions contain a security issue that allows remote attackers to run malicious code on the system. Attackers can do this by entering a special combination of characters an...
Cross-site scripting (XSS) is a type of security vulnerability that affects WordPress before version 4.2.1. An attacker can insert malicious code
In WordPress versions prior to 4.9.9 and 5.0.1
A security risk was discovered in the wp-admin/upgrade.php file of WordPress
WordPress versions released before 5.2.4 have a security issue that could allow someone to access data without permission. The problem is that the software doesn't check if a URL is valid by looking a...
WordPress is a software used to create websites and blogs. Before version 4.8.2
WordPress is vulnerable to a security flaw that could let malicious attackers find out if certain files exist
The jquery-plugin-query-object 2.2.3 software contains a security vulnerability which can be exploited by a malicious user. This vulnerability allows the malicious user to add their own properties to ...
WordPress versions before 2.0.2 had security problems that let hackers insert their own code into webpages. This code could be used to cause harm or to do things that the website owner did not want.
WordPress
WordPress
Attackers are able to execute dangerous commands on a website running WordPress (version 4.2.3 or earlier) by sending specially crafted comments. These commands can allow attackers to access informati...
A vulnerability in the media-playlists feature in WordPress versions 3.9.x before 3.9.3 and 4.x before 4.0.1 could allow someone to inject malicious code (such as web script or HTML) into websites usi...
WordPress 2.1.1 and earlier versions have a security flaw called cross-site request forgery (CSRF) vulnerability in the AdminPanel. This vulnerability could allow remote attackers to do actions as adm...
WordPress versions released before 5.2.3 had a security flaw that allowed malicious code to be inserted into the website through the preview feature of a shortcode.
WordPress versions before 3.5.1 have a security issue in their XMLRPC API that allows malicious actors to send HTTP requests to internal servers and conduct port scanning. This is done by using a sour...
In WordPress 2.0.6 and earlier
In WordPress versions before 4.9.9 and 5.x before 5.0.1
WordPress is a free and powerful system used to create and manage content on websites. Unfortunately
WordPress versions 4.9.6 and earlier have a vulnerability that allows users with certain roles (Author
Cross-site scripting (XSS) is a type of vulnerability that allows an attacker to inject malicious code into a website. In this case
There is a vulnerability in WordPress versions released before 5.2.3 which makes it possible for someone to insert malicious code into comments that are stored on the website.
WordPress 3.5.1 contains a file
In WordPress before version 5.5.2
WordPress versions 1.5.1.2 and earlier have a security vulnerability that allows attackers to gain access to sensitive information. This can be done by either sending a direct request to the menu-head...
WordPress 2.2 has a security hole that allows remote users who are logged in to execute unauthorized commands through a parameter in the XML RPC wp.suggestCategories methodCall. This vulnerability is ...
WordPress versions before 2.0.5 have a security vulnerability that allows remote authenticated users to crash the application. This is done by sending a string that either contains a malformed or very...
Before version 4.8.2
There was an issue in WordPress which allowed someone to create a link to an external website that
WordPress is a free program that allows users to create and manage their own websites. In the latest version of WordPress (5.8 beta 1)
WordPress versions before 4.8.3 have a security vulnerability that may allow hackers to inject malicious code into websites in the form of plugins and themes. This is done by using a special method ca...
WordPress versions 3.7.4
WordPress is a free and popular tool used to create websites and blogs. It was recently discovered that users who don't have certain permissions (like a contributor/author) could potentially bypass ce...
WordPress recently released a fix in version 5.4.1 to address a vulnerability that could cause some previously public posts to be disclosed without authentication. In addition to 5.4.1
There is a security vulnerability in the WordPress software before version 3.3.2 that could potentially have an unknown harmful effect. The vulnerability is located in a file called wp-includes/js/swf...
WordPress is a free and easy-to-use website builder. A serious security issue was found that could allow someone to bypass certain security measures
Before version 4.8.2
WordPress Core, in versions up to 6.0.2, has a security vulnerability that could allow users with specific access to the WordPress post and page editor, such as Authors, Contributors, and Editors, to...
WordPress
WordPress versions 2.0.6 and 2.1Alpha 3 have a security issue where attackers can access sensitive information from the website. This is done by using an invalid "m[]" parameter which can reveal the...
A security flaw in WordPress versions 2.0 up to 2.0.9 and versions 2.1 up to 2.1.1 allowed an attacker to insert malicious code into a website. This could be done by sending a specially crafted reques...
WordPress is a free and popular website-building service that is used to create and manage websites. A security vulnerability was recently discovered in WordPress versions 3.7.37 and older. This vulne...
WordPress versions before 5.5.2 have a bug in the code responsible for determining if WordPress is already installed. This bug allows an attacker to start a new installation of WordPress
In WordPress before version 3.6.1
The Incutio XML-RPC Library
WordPress versions before 5.4.1 had a security issue where a malicious user could execute JavaScript code in the Customizer's navigation section. This issue has been fixed in WordPress 5.4.1
WordPress versions before 3.6.1 did not block people from uploading certain types of files
WordPress versions before 2.2.1 and WordPress MU versions before 1.2.3 had a security flaw that allowed a user who was already logged in to upload and run any PHP code. This was done by creating a pos...
WordPress versions before 3.9.2 had a security flaw that made it easier for attackers to get around the protection that was in place to prevent unwanted access. This was because it didn't always separ...
Cross-site scripting (XSS) is a type of vulnerability that can be exploited by hackers. In WordPress before version 4.2.4
WordPress versions before 3.5.1 have security flaws that could allow attackers to add malicious code to a website. This code could be in the form of a script or HTML and could be added using the galle...
Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious code into websites. In WordPress before version 4.7.2
The versions of WordPress before 3.7.2 and 3.8.2 have a vulnerability which makes it easier for attackers to gain access to a website with a forged authentication cookie. The issue is in the wp_valida...
In WordPress before version 4.9.1
WordPress
Cross-site scripting (XSS) is a type of security vulnerability that affects websites. In WordPress before version 4.5.3
WordPress versions before 2.0.10 RC2 and 2.1.3 RC2 contain a security vulnerability that allows someone who is remotely logged in with certain privileges to add malicious code to the WordPress website...
WordPress
WordPress versions before 2.2.3 and WordPress multi-user (MU) versions before 1.2.5a have security vulnerabilities that allow people from outside to run commands on the WordPress database. This is don...
WordPress versions before 2.2.3 have a security issue where attackers can access certain restricted pages. This is caused by a problem in the wp-includes/vars.php file
WordPress versions before 5.1.1 have a security flaw that could allow someone who is not authenticated to take control of the website and make changes to the code. This is due to two problems - the we...
WordPress is a type of software used to create websites. It is open to the public
In WordPress versions before 3.0.2
In WordPress versions prior to 4.7.3
WordPress 4.8.2 does not adequately secure user accounts that are not yet activated. It stores the passwords for these accounts in plain text
Cross-site scripting (XSS) is a type of vulnerability in WordPress before version 3.0.2 that could allow attackers to add their own code
Cross-site scripting (XSS) is a security vulnerability that allows malicious users to inject code
WordPress is a type of software that helps people create websites. It has a feature called the Media Library that lets people upload files. Unfortunately
WordPress before version 3.5.2 was vulnerable to a security issue that allowed someone to send malicious requests from an external source to an internal server. This issue is similar to one identified...
In WordPress versions 3.9.x before 3.9.2
WordPress versions before 2.8.3 have a security vulnerability that allows attackers to gain access to certain privileges by directly requesting certain pages within the "wp-admin" folder. The pages ...
WordPress versions before 4.9 have an issue that could allow someone to run code on the website remotely. This could be done by an authorized user uploading a thumbnail. It is uncertain if extra plugi...
In WordPress versions before 4.7.3
The version of WordPress before 4.2.4 does not use a secure method to compare widgets
WordPress
WordPress versions before 2.1 have a function called wp_remote_fopen
Cross-site request forgery (CSRF) is a vulnerability in a feature of WordPress before version 4.7.1 that allows remote attackers to gain access to someone else's account without their knowledge. This ...
In versions of WordPress prior to 5.4.2
WordPress 2.2.1 has security flaws that could let someone with an Administrator account on the website add malicious code to the site. This code can be added either when changing settings in the Admin...
Before version 2.0.5 of WordPress
A vulnerability in a file called "wp-includes/class-wp-query.php" in a program called WordPress
In WordPress versions 3.7 to 5.3.0
WordPress versions before 5.5.2 had a security vulnerability that allowed hackers to insert malicious code into posts by using certain words in the post title
Before version 4.8.2
WordPress
In WordPress MU before version 1.3.2 and in WordPress 2.3.2 and earlier
A security weakness in WordPress version 1.5.2 and possibly earlier versions before 2.0 could allow someone to send malicious code through the User-Agent field in an HTTP header associated with a comm...
In WordPress versions before 4.9.9 and 5.x before 5.0.1
WordPress versions before 4.4.1 contained security flaws that allowed a malicious online user to insert harmful code into a website by exploiting weaknesses in the wp-includes/class-wp-theme.php file....
Cross-site scripting
In WordPress versions affected by this issue
WordPress versions 3.1 and 3.2 before Beta 2 have a file upload feature that could be vulnerable to attack when used on certain hosts. It is unknown how this vulnerability could be exploited
WordPress versions 3.1 before 3.1.3 and 3.2 before Beta 2 have a security issue that could allow hackers to use malicious code to access your website. This issue is related to something called "Taxon...
Cross-site scripting (XSS) is a security vulnerability that can be found in WordPress before version 3.9.2 when it is used in a "Multisite" configuration. This vulnerability could allow a remote aut...
A vulnerability in versions of WordPress before 3.7.5
An issue in WordPress before version 2.0.5 allowed people with access to the system to read or replace files on it. This was possible by entering certain commands as part of a GET request.
A security flaw in the version 4.5.3 of the WordPress website management software allows people with a remote account to cause a service outage or read certain text files. This is achieved by adding a...
Attackers can use a security flaw in WordPress before version 4.2.4 to prevent administrators from being able to edit posts. They can do this by sending a specific request which will lock the post
WordPress before version 2.8.5 has a security issue which could allow remote attackers to cause a denial of service. This could lead to an increased amount of CPU usage and cause the server to hang. T...
In WordPress versions before 5.4.2
WordPress versions before 3.5.2 are vulnerable to having malicious code inserted into them by remote attackers. This code could be web scripts or HTML
Moxieplayer
In WordPress versions before 4.7.5
WordPress
A security flaw was discovered in an older version of WordPress (before 4.2.2)
In WordPress
In versions of WordPress before 4.9.9 and 5.x before 5.0.1
In WordPress version 4.7.2 and before
WordPress versions 3.7.5
If someone tries to log in to a WordPress or WordPress MU website that is running a version earlier than 2.8.1
WordPress users who don't have as much access (like contributors) can add JavaScript code to the block editor using a certain input. If an administrator looks at the post in the editor
WordPress and WordPress MU (versions before 2.8.1) have a security vulnerability that allows attackers to get access to sensitive information. The vulnerability can be exploited by sending a direct re...
WordPress versions 3.4.x before 3.4.2 have a security vulnerability when the multisite feature is enabled. This vulnerability allows remote authenticated users to bypass access restrictions and perfor...
There is a security issue in WordPress 1.5.1 that allows people who are not authorized to do so to execute certain commands on the WordPress website. This vulnerability is related to the $cat_ID varia...
In WordPress before version 4.9.1
Before version 4.8.2
WordPress
WordPress versions 3.1 up to 3.1.3 and 3.2 up to Beta 2 could be used by attackers to figure out the usernames of people who do not have permission to access the website.
In WordPress 2.0.2
If you had a WordPress website and were using an affected version
A security issue was found in WordPress versions released before 3.7.5
WordPress versions before 5.8 have a security issue that can make it easier for malicious people to gain access to websites using WordPress. This can happen if the website uses a plugin that has the s...
A security issue in the WordPress 2.0.3 and earlier versions allows people from a remote location to access and delete any file
Before WordPress version 4.9.5
WordPress is a free website-building system that is open for anyone to use. It was written in a computer language called PHP
WordPress Core
WordPress versions before 4.2.3 have a security issue that allows users with limited access rights to bypass restrictions and create drafts. This issue was demonstrated by using a post-quickdraft-save...
In WordPress versions before 5.2.4
Before version 4.8.2
WordPress versions 3.7.2 and earlier
Prior to version 5.2.4 of WordPress
WordPress version 2.1.1 was infected with dangerous code that gave hackers a way to get back into WordPress websites.
In WordPress versions prior to 5.4.1
WordPress versions before 3.5.2 have a security vulnerability that allows someone from outside the website to access and read private files. This is done by using a response from an XML provider that ...
WordPress 2.1.2 and possibly earlier versions have a security issue which allows remote users who are logged in to run dangerous commands through a string in an XML RPC mt.setPostCategories method cal...
A security flaw in WordPress 2.2.1 allows malicious actors to insert dangerous code into the website. This code could be used to steal information or take control of the website. It affects the "Temp...
WordPress
WordPress versions before 5.2.3 had a security flaw that allowed people with access to the website to create posts or pages with malicious code that could harm other users. This is fixed in version 5....
Older versions of WordPress (before 2.0.11) have a security vulnerability that could allow someone to find out sensitive information. If a certain type of malicious person enters a blank value into a ...
A vulnerability in a software called Plupload
Requests is a software library written in the programming language PHP. There was an issue in the library that caused it to mishandle certain types of data. This issue has been fixed
Read MoreIn WordPress versions before 3.6.1
Read MoreWordPress
Read MoreHackers can gain access to sensitive information through WordPress versions before 1.5.2. This is done by sending a request to certain files
Read MoreIn WordPress versions 3.7 to 5.3.0
Read MoreWordPress versions before 5.5.2 had a problem with how it handled requests to be deserialized in a certain file in the software.
Read MoreWordPress versions up to 5.0.3 have a security vulnerability that allows an attacker to write an output image to a directory of their choice. To do this
Read MoreWordPress before version 4.7.3 had a security vulnerability called cross-site request forgery (CSRF). This vulnerability could cause too many requests to be sent to the server
Read MoreSomeone with access to a WordPress website before version 3.0.2 could use a certain part of the website to run their own code
Read MoreAttackers can use a security flaw in the wp-register.php file of WordPress 2.0 and 2.0.1 to insert malicious code into a website. This code can be in the form of web scripts or HTML and is inserted vi...
Read MoreIn WordPress and WordPress MU before 2.8.1
Read MoreWordPress
Read MoreThere is a security issue in versions of WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 which could potentially allow unauthorized access to the system. It is not known what the exact impact of this...
Read MoreWordPress versions before 4.9.9 and 5.x before 5.0.1 have a security vulnerability that allows someone with author privileges to execute arbitrary code. This is done by changing a Post Meta entry to a...
Read MoreWordPress 2.5.1 and earlier versions have a security vulnerability that could let someone with access to the dashboard upload and run a malicious file. This could allow them to gain control of the web...
Read MoreWordPress
WordPress 2.0.5 contains a security flaw that allows people from outside the website to insert malicious code into it. This code can be used to alter the website and make it do things that it was not ...
In WordPress versions 4.9.9 and earlier and 5.x before 5.0.1
Cross-site scripting (XSS) is a type of vulnerability that allows attackers to inject malicious code through websites. This vulnerability was found in WordPress
WordPress versions before 4.2.3 have a security vulnerability which can allow malicious users with certain privileges to inject harmful web scripts or HTML into the site. This involves the use of a sp...
The Incutio XML-RPC Library
In WordPress versions before 5.2.3
A security weakness in WordPress 2.5 could let people from other websites put their own code
WordPress
WordPress 2.9
WordPress versions prior to 3.6.1 do not check URLs carefully enough before using them to redirect to another website. This can be used by malicious attackers to redirect people away from the intended...
WordPress Core is vulnerable to a potential information leak through its REST-API in versions up to 6.0.3. If you have access to certain details such as terms and tags for a post, it is possible to s...
A security vulnerability in older versions of WordPress (3.7.5
In some older versions of WordPress
WordPress versions before 5.2.3 have a security vulnerability that could allow hackers to take control of a website. This vulnerability has to do with how URLs are handled
There is a security issue in WordPress versions before 3.0.2 which allows malicious websites to inject dangerous code into a WordPress site. This is done by providing a specially crafted error message...
In WordPress versions before 4.7.3
WordPress
WordPress versions before 4.1.2 had security vulnerabilities which allowed attackers to insert malicious code into a website. This code could be written in a comment and was triggered by either a four...
WordPress versions 2.9.2 and 3.0.4 are vulnerable to attackers who can gain access to sensitive information by directly requesting a particular .php file. If they do this
WordPress 3.4.2 contains a security issue that makes it easier for hackers to access or change data. When an administrator logs out
A security vulnerability was discovered in the XMLRPC subsystem of WordPress versions before 4.3.1. This vulnerability allows users who are logged into the site to bypass intended restrictions on post...
In WordPress before version 3.9.2
WordPress Core is a software system that is vulnerable to a type of attack called Stored Cross-Site Scripting. This type of attack occurs when an attacker with access to the theme customizer (such as...
WordPress versions 2.3.3 and earlier
Cross-site scripting (XSS) is a vulnerability in the protection scheme used by WordPress before version 2.0.6. It allows malicious people to insert unwanted web scripts or HTML into websites through a...
WordPress
If you are using an affected version of WordPress
WordPress 2.3.2 has weaknesses that could allow a remote attacker to insert their own web script or HTML code into the website. The attacker can do this by using the "inviteemail" parameter in the "...
WordPress 1.5.1.2 and earlier versions have multiple security issues that allow people to insert malicious code or content into webpages. This code or content
WordPress
In WordPress 3.4.2 and earlier
WordPress versions before 2.6.2 have a security issue where a remote attacker can reset the password of any user on the website. The attacker can do this by registering a username similar to the usern...
In WordPress versions before 2.6.1
A security issue has been identified in certain versions of WordPress that could allow someone to run malicious code on a website if they had the ability to upload files. The versions affected are 5.3...
WordPress versions 2.2.x and 2.3.x have a vulnerability which allows malicious actors to gain access to sensitive information. This is done by sending a special request to the default web address with...
WordPress before version 3.3.3 had a security flaw that allowed people to access sensitive information or get around restrictions on what kind of media they could attach to posts by using a certain va...
In WordPress versions before 4.7.5
An issue was found in WordPress versions prior to 3.7.5
WordPress Core is an online platform that is vulnerable to a security issue. In versions prior to 6.0.3, users with access to terms and tags, such as a contributor, could find out details about posts...
WordPress Core versions up to 6.0.2 have a security vulnerability that can be exploited if an attacker injects malicious content into the code of a plugin. This malicious content will trigger when so...
Before version 4.8.2
WordPress
WordPress versions prior to 4.6.1 had a security vulnerability which could allow malicious actors to inject malicious code into a website. An attacker could achieve this by convincing an administrator...
A security problem was found in the way WordPress 4.7 and earlier versions handled information about who wrote a post. An attacker could use this security problem to gain access to sensitive informati...
WordPress versions before 5.2.3 had a security flaw in the way it handled media uploads. This flaw could allow attackers to put malicious code into the website.
There are security issues with WordPress versions before 2.0.4. It is not known what the effects of these problems are or how they can be used to attack a computer remotely. It is unclear how these is...
WordPress 2.3.1 and earlier versions have a security vulnerability that allows hackers to execute malicious commands on the website. This vulnerability is related to the "s" parameter in the "wp-in...
In WordPress versions before 4.9.9 and 5.x before 5.0.1
Multiple security holes in KSES
WordPress 2.1.2 (and possibly earlier versions) has an issue where users who have the "contributor" role can access a feature that they are not supposed to have access to. This feature
WordPress versions before 2.2.2 have vulnerabilities that allow attackers to redirect visitors to other websites and potentially access sensitive information. This could be done by manipulating the _w...
WordPress
WordPress versions 2.2.3 and before
WordPress before version 3.0.5 contained a problem in its media uploader where remote users who were authenticated
WordPress versions 4.7.4 and below have a security vulnerability that makes it easier for hackers to access someone's account. This is due to the way WordPress handles password reset emails. A hacker ...
A vulnerability in a software program called Plupload
The WordPress REST API in versions 4.7.x before 4.7.2 had a vulnerability where an attacker could modify arbitrary pages without needing an integer identifier. This was done by making a request to the...
A security issue in the version of WordPress before 4.3.1 allowed people with access to the user list table to add malicious code to the website. This malicious code could be used to cause harm to the...
WordPress versions before 3.0.5 had several security issues that could allow remote users with an account to insert malicious web scripts or HTML code into the content. This was possible through the Q...
Cross-site scripting (XSS) is a security vulnerability that can be found in certain versions of WordPress before version 4.5. This vulnerability allows someone to inject malicious web scripts or HTML ...
A security flaw in versions of WordPress before 4.2.4 allowed attackers to insert malicious code into a website using a feature called refreshAdvancedAccessibilityOfItem in wp-admin/js/nav-menu.js. Th...
WordPress is a popular website platform
WordPress versions before 5.2.4 have a security issue that can allow someone to control the content of the information that is stored when certain requests are made. This issue is related to a missing...
In WordPress versions before 4.9.9
WordPress 2.0.5 and earlier has a security flaw that could allow remote attackers to find out sensitive information and use it to break into the system. This is done by looking at different error mess...
WordPress 1.5 and earlier versions have security weaknesses that can allow attackers to run commands on the website. This is done by using the content or title of a post. This vulnerability is called ...
Attackers can use a security weakness in WordPress 2.0 to insert malicious code into a website through the user_login parameter of the wp-register.php file. This malicious code can be used to damage t...
OwnCloud Server versions before 5.0.15 and 6.0.2 have a vulnerability in the getID3() function that could allow someone to access and read files from a computer
In WordPress before version 5.3.1
WordPress Core, the software used to create websites, is vulnerable to a security issue in versions up to 6.0.3. This means an attacker can redirect a victim to a malicious website if the victim clic...
Plupload
People using WordPress before version 4.5.3 may be vulnerable to having their redirection restrictions bypassed by an attacker.
WordPress
A security vulnerability in WordPress versions before 4.7.1 made it easier for hackers to gain access to websites. This vulnerability was related to the way WordPress generated random numbers for keys...
WordPress 2.0.3 has a security flaw that can be exploited by people with malicious intentions. They can make a direct request to certain files in the WordPress installation
In WordPress versions before 3.4.2
In WordPress before version 5.3.1
WordPress versions before 2.8.3 had a security flaw that allowed people to make changes to the website without proper access. This could be done by sending a direct request to certain pages in the wp-...
In WordPress before version 4.4.2
WordPress versions 1.5.1.2 and earlier contain a vulnerability that allows remote attackers to execute malicious code. This vulnerability is found in the XMLRPC server and is caused by input that is n...
WordPress versions before 3.0.2 have a security issue in which a malicious user can bypass spam restrictions by creating a specially crafted URL. This URL can trigger a match to certain words
WordPress versions before 4.5.3 could be exploited by malicious individuals to gain access to sensitive information from a post's revision history. This vulnerability was present in the WordPress file...
WordPress
WordPress is a content management system used by many websites. In versions before 4.5
WordPress Core versions up to 6.0.3 had a security issue with how they handled user permissions. This fix was made to address two vulnerabilities in wp-mail.php and wp-trackback.php which could have ...
WordPress
A security issue has been discovered in WordPress before version 4.6.1 that allows people who have been given access to the website to access files on the website that they should not be able to acces...
WordPress Core versions 5.9 to 5.9.1 have a security vulnerability that can allow attackers to store malicious code on the website. This malicious code can be set in the 'isGlobalStylesUserThemeJSON'...
In WordPress versions prior to 4.7.3
WordPress
WordPress Core in versions prior to 5.8.2 included an outdated security certificate, known as DST Root CA X3. This certificate is no longer actively used and does not pose any significant security ri...
In WordPress 4.9.7, it is possible for a malicious user to upload a file that contains malicious code. This user would need to have access to the admin area and the capability to upload plugins. If a...
In WordPress versions before 3.3.3
WordPress Core, the software powering websites, had a security vulnerability in versions before 3.8.2 that allowed malicious administrative users to inject malicious code into the website. This code ...
WordPress 2.5 has a security issue called "cryptographic splicing" where remote attackers can gain administrator privileges by registering usernames that begin with "admin". This is possible becau...
Cross-site scripting (XSS) is a vulnerability that allows a remote attacker to insert malicious web scripts or HTML into an application. In the case of MediaElement.js before version 2.21.0
WordPress 2.2.1 and WordPress MU 1.2.3 have a security vulnerability that allows people who are logged in to the system to upload and run malicious code. This bug is related to the wp_postmeta table a...
WordPress and WordPress MU before version 2.8.1 had a feature in their mail system that acted differently when someone asked for a password. Depending on whether or not the user account existed
WordPress versions 2.0.1 and earlier contain security flaws that allow malicious individuals to access sensitive information on the website. Attackers can get to this information by directly requestin...
In WordPress versions before 4.7.3
Hackers can use a vulnerability in log.header.php in WordPress 0.7 and earlier to run commands on a website. These commands can be used to access information that is not normally available.
Older versions of the WordPress content management system (versions 3.7.5 and earlier
WordPress versions 3.7.5 and before
WordPress versions released before 5.2.4 do not check if the person visiting the admin pages is who they say they are. This could potentially lead to a type of cyber attack known as Cross-Site Request...
In WordPress versions before 4.7.5
A security issue has been found in WordPress 2.3 that could allow someone to insert malicious code into the website. This code could be used to access sensitive information about the website
WordPress Core, up to version 6.0.2, is vulnerable to a form of attack called SQL Injection. This type of attack can be used by anyone who is logged in to WordPress and has a high-level of access, su...
WordPress is a free and open-source website platform. It is written in a programming language called PHP and uses a database called MariaDB. There was an issue in one of the classes where it didn't sa...
WordPress versions before 4.9.2 were vulnerable to a type of attack called cross-site scripting (XSS). This vulnerability was found in the Flash fallback files that are part of the MediaElement packag...
Cross-site scripting (XSS) is a security vulnerability that can allow attackers to put malicious code on a website. In versions of WordPress 3.3.x before 3.3.1
WordPress Core in different versions prior to 5.9.2 and Gutenberg versions before 12.7.2 have a security vulnerability in the block editor, which could allow malicious web scripts to be injected in s...
WordPress Core and the Gutenberg plugin for WordPress have a security vulnerability that could allow malicious web scripts to be injected onto webpages. This vulnerability affects versions of WordPre...
A security flaw was found in a website file called Genericons before version 3.3.1
Cross-site scripting (XSS) is a type of vulnerability that allows attackers to inject malicious code into webpages. In the case of SWFUpload 2.2.0.1 and earlier, WordPress before 3.3.2, TinyMCE Image...
© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)