| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-0198 | 4.3 |
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_questi
|
02-08-2023 - 19:11 | 10-01-2008 - 00:46 | |
| CVE-2008-0204 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0192 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0206 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) ca
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0202 | 4.3 |
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0200 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter.
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0195 | 5.0 |
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0194 | 7.5 |
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.p
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0197 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2)
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0207 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page para
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0203 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0190 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) dat
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0205 | 4.3 |
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_m
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0201 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0191 | 5.0 |
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0196 | 5.0 |
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/ad
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0193 | 4.3 |
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 | |
| CVE-2008-0199 | 5.0 |
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI.
|
15-10-2018 - 21:58 | 10-01-2008 - 00:46 |