Shodan
Vulnerabilities
Vulnerable Software
Wordpress:  >> Wordpress  >> 3.6.1  Security Vulnerabilities
CVE-2012-2912
Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php.
CVSS Score
4.3
EPSS Score
0.002
Published
2012-05-21
CVE-2012-2913
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
CVSS Score
4.3
EPSS Score
0.011
Published
2012-05-21
CVE-2012-2916
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.
CVSS Score
4.3
EPSS Score
0.002
Published
2012-05-21
CVE-2012-2917
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php.
CVSS Score
4.3
EPSS Score
0.009
Published
2012-05-21
CVE-2012-1785
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.016
Published
2012-03-19
CVE-2012-1786
The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2012-03-19
CVE-2011-5082
Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field).
CVSS Score
4.3
EPSS Score
0.003
Published
2012-03-19
CVE-2012-1205
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVSS Score
7.5
EPSS Score
0.038
Published
2012-02-24
CVE-2012-1067
SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
7.5
EPSS Score
0.005
Published
2012-02-14
CVE-2012-1068
Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging.
CVSS Score
4.3
EPSS Score
0.004
Published
2012-02-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved