Shodan
Vulnerabilities
Vulnerable Software
Wordpress:  Security Vulnerabilities
CVE-2008-1646
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2008-04-02
CVE-2008-1304
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
CVSS Score
4.3
EPSS Score
0.031
Published
2008-03-12
CVE-2008-1059
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2008-02-28
CVE-2008-1060
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.
CVSS Score
7.5
EPSS Score
0.238
Published
2008-02-28
CVE-2008-1061
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
CVSS Score
4.3
EPSS Score
0.002
Published
2008-02-28
CVE-2008-0939
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.015
Published
2008-02-25
CVE-2008-0837
Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file.
CVSS Score
4.3
EPSS Score
0.004
Published
2008-02-20
CVE-2008-0845
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-02-20
CVE-2008-0682
SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.007
Published
2008-02-12
CVE-2008-0683
SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2008-02-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved