VYPR

apk package

wolfi/wordpress-oci-entrypoint

pkg:apk/wolfi/wordpress-oci-entrypoint

Vulnerabilities (8)

  • CVE-2025-58674MedSep 23, 2025
    affected < 6.8.3-r0fixed 6.8.3-r0

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author

  • CVE-2025-58246MedSep 23, 2025
    affected < 6.8.3-r0fixed 6.8.3-r0

    Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges require

  • CVE-2013-7240Jan 3, 2014
    affected < 0fixed 0

    Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.

  • CVE-2012-3414Jul 19, 2013
    affected < 0fixed 0

    Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the

  • CVE-2012-6527Jan 31, 2013
    affected < 0fixed 0

    Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

  • CVE-2011-5216Oct 25, 2012
    affected < 0fixed 0

    SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2012-4271Aug 13, 2012
    affected < 0fixed 0

    Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_ma

  • CVE-2007-2627May 11, 2007
    affected < 0fixed 0

    Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.