wpsymposiumpro CVE 脆弱性と CVE 一覧(8)

製品(CPE): — CVE 件数: 8

wpsymposiumpro 脆弱性概要

wpsymposiumpro 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection, and vendor risk input validation があり、vendor surface production workloads の利用場面で vendor impact session compromise、vendor impact unexpected behavior, and vendor impact data exposure などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 18 / 8 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-47927 WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with JavaScript payloads in the wps_admin_forum_add_name parameter, which are stored and executed when the forum is accessed. [email protected] 5.1 0.19% 2026-05-10 2026-06-17
CVE-2015-9414 The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter. [email protected] 6.1 3.60% 2019-09-25 2026-06-16
CVE-2014-10021 Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/. [email protected] 7.5 59.97% 2015-01-13 2026-06-16
CVE-2014-8810 SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action. [email protected] 6.5 3.72% 2014-12-24 2026-06-16
CVE-2014-8809 Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php. [email protected] 4.3 1.66% 2014-12-24 2026-06-16
CVE-2013-2695 Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter. [email protected] 4.3 1.60% 2014-03-28 2026-06-16
CVE-2013-2694 Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter. [email protected] 5.8 1.99% 2014-03-28 2026-06-16
CVE-2011-3841 Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter. [email protected] 4.3 2.37% 2011-12-27 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence