Search Results (14168 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4342 2 Backwpup, Wordpress 2 Backwpup, Wordpress 2025-04-11 N/A
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
CVE-2011-3981 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2025-04-11 N/A
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2011-3865 2 Ulyssesonline, Wordpress 2 Black-letterhead, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3864 2 Somadesign, Wordpress 2 The Erudite, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3863 2 Post-scriptum, Wordpress 2 Redline, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3862 2 Adazing, Wordpress 2 Morning Coffee, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3861 2 Webminimalist, Wordpress 2 Web Minimalist 200901, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3860 2 Onedesigns, Wordpress 2 Cover Wp, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2013-0736 2 Cartpauj, Wordpress 2 Mingle-forum, Wordpress 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2011-3859 2 Themehybrid, Wordpress 2 Trending, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3858 2 Wordpress, Zespia 2 Wordpress, Pixiv Custom 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3857 2 Antisocialmediallc, Wordpress 2 Antisnews, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3856 2 Atastypixel, Wordpress 2 Elegant Grunge, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3855 2 Graphpaperpress, Wordpress 2 F8 Lite, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3854 2 Quirm, Wordpress 2 Zenlite, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3853 2 Themehybrid, Wordpress 2 Hybrid, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3852 2 Theme4press, Wordpress 2 Evolve, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3851 2 Devpress, Wordpress 2 News, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3850 2 Bytesforall, Wordpress 2 Atahualpa, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3818 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.