Shodan
Vulnerabilities
Vulnerable Software
Wordpress:  >> Wordpress  >> 3.6.1  Security Vulnerabilities
CVE-2011-4669
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2011-12-02
CVE-2011-4646
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
CVSS Score
6.0
EPSS Score
0.004
Published
2011-11-30
CVE-2011-4568
Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.
CVSS Score
4.3
EPSS Score
0.003
Published
2011-11-29
CVE-2011-4562
Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-11-28
CVE-2010-4875
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
CVSS Score
4.3
EPSS Score
0.037
Published
2011-10-07
CVE-2011-3981
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVSS Score
7.5
EPSS Score
0.053
Published
2011-10-04
CVE-2011-3856
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-09-28
CVE-2011-3857
Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2011-09-28
CVE-2011-3858
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVSS Score
4.3
EPSS Score
0.006
Published
2011-09-28
CVE-2011-3859
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-09-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved