wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
Max CVSS
7.5
EPSS Score
7.16%
Published
2014-08-18
Updated
2014-08-28
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
Max CVSS
7.5
EPSS Score
1.15%
Published
2014-10-27
Updated
2017-08-29
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
Max CVSS
7.5
EPSS Score
0.31%
Published
2014-10-01
Updated
2017-08-29
3 vulnerabilities found