Wordpress: >> Wordpress Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
CVSS Score
4.3
EPSS Score
0.045
Published
2012-10-04
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
CVSS Score
4.3
EPSS Score
0.089
Published
2012-10-01
Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter.
CVSS Score
4.3
EPSS Score
0.037
Published
2012-10-01
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.
CVSS Score
6.8
EPSS Score
0.011
Published
2012-09-28
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.
CVSS Score
4.3
EPSS Score
0.017
Published
2012-09-23
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191.
CVSS Score
4.3
EPSS Score
0.021
Published
2012-09-23
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.
CVSS Score
2.6
EPSS Score
0.041
Published
2012-09-23
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.
CVSS Score
4.3
EPSS Score
0.022
Published
2012-09-23
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information.
CVSS Score
4.3
EPSS Score
0.104
Published
2012-09-20
Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf.
CVSS Score
4.3
EPSS Score
0.036
Published
2012-09-20