Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-5278

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-28 Nov, 2008 | 19:00
Updated At-07 Aug, 2024 | 10:49
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:28 Nov, 2008 | 19:00
Updated At:07 Aug, 2024 | 10:49
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.html
vendor-advisory
x_refsource_FEDORA
http://wordpress.org/development/2008/11/wordpress-265/
x_refsource_CONFIRM
http://osvdb.org/50214
vdb-entry
x_refsource_OSVDB
http://securityreason.com/securityalert/4662
third-party-advisory
x_refsource_SREASON
http://www.securityfocus.com/bid/32476
vdb-entry
x_refsource_BID
http://secunia.com/advisories/32882
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/498652
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/32966
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/46882
vdb-entry
x_refsource_XF
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://wordpress.org/development/2008/11/wordpress-265/
Resource:
x_refsource_CONFIRM
Hyperlink: http://osvdb.org/50214
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://securityreason.com/securityalert/4662
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.securityfocus.com/bid/32476
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/32882
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/498652
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/32966
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46882
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html
Resource:
vendor-advisory
x_refsource_FEDORA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://wordpress.org/development/2008/11/wordpress-265/
x_refsource_CONFIRM
x_transferred
http://osvdb.org/50214
vdb-entry
x_refsource_OSVDB
x_transferred
http://securityreason.com/securityalert/4662
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.securityfocus.com/bid/32476
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/32882
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/498652
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/32966
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/46882
vdb-entry
x_refsource_XF
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://wordpress.org/development/2008/11/wordpress-265/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://osvdb.org/50214
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://securityreason.com/securityalert/4662
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.securityfocus.com/bid/32476
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/32882
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/498652
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/32966
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46882
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:28 Nov, 2008 | 19:30
Updated At:08 Aug, 2017 | 01:33

Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
WordPress.org
wordpress
>>wordpress>>Versions up to 2.6.3(inclusive)
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.6.2
cpe:2.3:a:wordpress:wordpress:0.6.2:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.6.2
cpe:2.3:a:wordpress:wordpress:0.6.2:beta_2:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.6.2.1
cpe:2.3:a:wordpress:wordpress:0.6.2.1:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.6.2.1
cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.7
cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.71
cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.71-gold
cpe:2.3:a:wordpress:wordpress:0.71-gold:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.72
cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.72
cpe:2.3:a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.72
cpe:2.3:a:wordpress:wordpress:0.72:beta2:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.72
cpe:2.3:a:wordpress:wordpress:0.72:rc1:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>0.711
cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.0
cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.0-platinum
cpe:2.3:a:wordpress:wordpress:1.0-platinum:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.0.1
cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.0.1-miles
cpe:2.3:a:wordpress:wordpress:1.0.1-miles:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.0.2
cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.0.2-blakey
cpe:2.3:a:wordpress:wordpress:1.0.2-blakey:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.2
cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.2
cpe:2.3:a:wordpress:wordpress:1.2:beta:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.2-delta
cpe:2.3:a:wordpress:wordpress:1.2-delta:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.2-mingus
cpe:2.3:a:wordpress:wordpress:1.2-mingus:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.2.1
cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.2.2
cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.3.1
cpe:2.3:a:wordpress:wordpress:1.3.1:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.4
cpe:2.3:a:wordpress:wordpress:1.4:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.5
cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.5-strayhorn
cpe:2.3:a:wordpress:wordpress:1.5-strayhorn:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.5.1
cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.5.1.1
cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.5.1.2
cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.5.1.3
cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.5.2
cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>1.6
cpe:2.3:a:wordpress:wordpress:1.6:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0
cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.1
cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.2
cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.3
cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.4
cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.5
cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.6
cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.7
cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.8
cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.9
cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.10
cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.10_rc1
cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.10_rc2
cpe:2.3:a:wordpress:wordpress:2.0.10_rc2:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.0.11
cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*
WordPress.org
wordpress
>>wordpress>>2.1
cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
http://wordpress.org/development/2008/11/wordpress-265/ The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/50214cve@mitre.org
N/A
http://secunia.com/advisories/32882cve@mitre.org
N/A
http://secunia.com/advisories/32966cve@mitre.org
N/A
http://securityreason.com/securityalert/4662cve@mitre.org
N/A
http://wordpress.org/development/2008/11/wordpress-265/cve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/498652cve@mitre.org
Exploit
http://www.securityfocus.com/bid/32476cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/46882cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.htmlcve@mitre.org
N/A
Hyperlink: http://osvdb.org/50214
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32882
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32966
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/4662
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://wordpress.org/development/2008/11/wordpress-265/
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/498652
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/bid/32476
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46882
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.html
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12327Records found
CVE-2011-5191
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.21%
||
7 Day CHG~0.00%
Published-23 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.

Action-Not Available
Vendor-blairwilliamsn/aWordPress.org
Product-pretty_link_lite_pluginwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5180
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.96% / 75.52%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party.

Action-Not Available
Vendor-zooeffectn/aWordPress.org
Product-zooeffectwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5082
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 56.58%
||
7 Day CHG~0.00%
Published-19 Mar, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field).

Action-Not Available
Vendor-s2membern/aWordPress.org
Product-s2memberwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5194
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.54% / 66.63%
||
7 Day CHG~0.00%
Published-23 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.

Action-Not Available
Vendor-phpacen/aWordPress.org
Product-samswhoiswordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5207
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.22% / 88.30%
||
7 Day CHG~0.00%
Published-04 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.

Action-Not Available
Vendor-thecartpressn/aWordPress.org
Product-thecartpresswordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5225
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.55%
||
7 Day CHG~0.00%
Published-25 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Action-Not Available
Vendor-trioniclabsn/aWordPress.org
Product-sentinelwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5182
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.96% / 75.56%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf.

Action-Not Available
Vendor-n/aWordPress.org
Product-lanoba_social_pluginwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5181
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.42% / 79.79%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-clickdeskn/aWordPress.org
Product-clickdesk_live_support-live_chat_pluginwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4618
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-4.72% / 88.98%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Action-Not Available
Vendor-simplerealtythemen/aWordPress.org
Product-advanced_text_widget_pluginwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4926
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-3.16% / 86.41%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Action-Not Available
Vendor-bueltgen/aWordPress.org
Product-adminimizewordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4562
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.24%
||
7 Day CHG~0.00%
Published-28 Nov, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.

Action-Not Available
Vendor-john_godleyn/aWordPress.org
Product-wordpressredirection_pluginn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5179
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.20% / 83.77%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

Action-Not Available
Vendor-skysan/aWordPress.org
Product-skysa_app_bar_integration_pluginwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-7175
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 39.22%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.

Action-Not Available
Vendor-alex_raben/aWordPress.org
Product-wordpressnextgen_galleryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-16221
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.12% / 77.39%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 13:07
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress before 5.2.3 allows reflected XSS in the dashboard.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3853
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.85%
||
7 Day CHG~0.00%
Published-28 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

Action-Not Available
Vendor-themehybridn/aWordPress.org
Product-hybridwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3855
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Action-Not Available
Vendor-graphpaperpressn/aWordPress.org
Product-f8_litewordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4733
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.59% / 68.13%
||
7 Day CHG~0.00%
Published-24 Oct, 2008 | 10:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters.

Action-Not Available
Vendor-pressographyn/aWordPress.org
Product-wp_comment_remix_pluginwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4671
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.73% / 71.87%
||
7 Day CHG~0.00%
Published-22 Oct, 2008 | 10:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpress_mun/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-8834
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.81% / 73.29%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3857
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.85%
||
7 Day CHG~0.00%
Published-28 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Action-Not Available
Vendor-antisocialmediallcn/aWordPress.org
Product-wordpressantisnewsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5776
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.42% / 84.51%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 22:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20150
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-4.97% / 89.27%
||
7 Day CHG~0.00%
Published-14 Dec, 2018 | 20:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5105
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.81% / 82.08%
||
7 Day CHG~0.00%
Published-26 Sep, 2007 | 22:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3863
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Action-Not Available
Vendor-post-scriptumn/aWordPress.org
Product-wordpressredlinen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3851
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.85%
||
7 Day CHG~0.00%
Published-28 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

Action-Not Available
Vendor-devpressn/aWordPress.org
Product-wordpressnewsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10102
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.69% / 85.28%
||
7 Day CHG~0.00%
Published-14 Apr, 2018 | 13:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9061
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.77% / 81.87%
||
7 Day CHG~0.00%
Published-18 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9063
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.90% / 74.67%
||
7 Day CHG~0.00%
Published-18 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6818
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-5.49% / 89.84%
||
7 Day CHG~0.00%
Published-12 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5488
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.82% / 73.35%
||
7 Day CHG~0.00%
Published-15 Jan, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5490
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.95% / 75.46%
||
7 Day CHG~0.00%
Published-15 Jan, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5612
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-6.1||MEDIUM
EPSS-0.91% / 74.85%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 04:24
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3856
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Action-Not Available
Vendor-atastypixeln/aWordPress.org
Product-wordpresselegant_grungen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3860
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.58% / 67.79%
||
7 Day CHG~0.00%
Published-28 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Action-Not Available
Vendor-onedesignsn/aWordPress.org
Product-wordpresscover_wpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-6312
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.14% / 77.57%
||
7 Day CHG~0.00%
Published-11 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

Action-Not Available
Vendor-video-lead-formn/aWordPress.org
Product-uk-cookiewordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0760
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.73%
||
7 Day CHG~0.00%
Published-28 Mar, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the (1) wp_relatedposts_title, (2) wp_relatedposts_num, or (3) wp_relatedposts_type parameter.

Action-Not Available
Vendor-adminofsystemn/aWordPress.org
Product-wp_related_postswordpressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2007-4480
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 56.52%
||
7 Day CHG~0.00%
Published-22 Aug, 2007 | 23:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

Action-Not Available
Vendor-n/aWordPress.org
Product-siriusn/a
CVE-2007-4481
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.58%
||
7 Day CHG~0.00%
Published-22 Aug, 2007 | 23:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

Action-Not Available
Vendor-n/aWordPress.org
Product-blixn/a
CVE-2007-4544
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.67%
||
7 Day CHG~0.00%
Published-27 Aug, 2007 | 23:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpress_mun/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2007-4014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.16% / 77.75%
||
7 Day CHG~0.00%
Published-26 Jul, 2007 | 01:00
Updated-07 Aug, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aWordPress.org
Product-blixedblixblixkriegn/a
CVE-2007-3241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 53.03%
||
7 Day CHG~0.00%
Published-15 Jun, 2007 | 01:00
Updated-07 Aug, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CVE-2007-3239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.00% / 76.07%
||
7 Day CHG~0.00%
Published-15 Jun, 2007 | 01:00
Updated-07 Aug, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CVE-2007-3240
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.83% / 73.66%
||
7 Day CHG~0.00%
Published-15 Jun, 2007 | 01:00
Updated-07 Aug, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CVE-2007-1049
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.80% / 90.16%
||
7 Day CHG~0.00%
Published-21 Feb, 2007 | 17:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.

Action-Not Available
Vendor-n/aGentoo Foundation, Inc.WordPress.org
Product-wordpresslinuxn/a
CVE-2007-1894
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.50% / 89.85%
||
7 Day CHG~0.00%
Published-09 Apr, 2007 | 20:00
Updated-07 Aug, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CVE-2007-1622
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.15% / 88.20%
||
7 Day CHG~0.00%
Published-23 Mar, 2007 | 00:00
Updated-07 Aug, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CVE-2006-1263
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 57.94%
||
7 Day CHG~0.00%
Published-19 Mar, 2006 | 02:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CVE-2006-0985
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.16% / 77.74%
||
7 Day CHG~0.00%
Published-03 Mar, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CVE-2013-5738
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.84% / 73.79%
||
7 Day CHG~0.00%
Published-12 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2199
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.78% / 72.71%
||
7 Day CHG~0.00%
Published-08 Jul, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 246
  • 247
  • Next
Details not found