|
|
Wordpress » Wordpress : Security Vulnerabilities Published In 2011
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2011-3818 |
200 |
|
+Info |
2011-09-23 |
2012-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. |
|
2 |
CVE-2011-3130 |
89 |
|
Sql |
2011-08-10 |
2017-08-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. |
|
3 |
CVE-2011-3129 |
264 |
|
|
2011-08-10 |
2016-05-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. |
|
4 |
CVE-2011-3128 |
200 |
|
+Info |
2011-08-10 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php. |
|
5 |
CVE-2011-3127 |
20 |
|
|
2011-08-10 |
2017-08-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. |
|
6 |
CVE-2011-3126 |
200 |
|
+Info |
2011-08-10 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects. |
|
7 |
CVE-2011-3125 |
|
|
|
2011-08-10 |
2017-08-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." |
|
8 |
CVE-2011-3122 |
|
|
|
2011-08-10 |
2017-08-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." |
|
9 |
CVE-2011-0701 |
200 |
|
+Info |
2011-03-14 |
2017-11-22 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter. |
|
10 |
CVE-2011-0700 |
79 |
|
XSS |
2011-03-14 |
2017-11-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box. |
|
11 |
CVE-2010-4536 |
79 |
|
XSS |
2011-01-03 |
2017-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form. |
Total number of vulnerabilities : 11
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
