VYPR

WordPress

by WordPress

CVEs (377)

  • CVE-2006-3389 (Jul 6, 2006)
    risk 0.00 | cvss | epss 0.03

    index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the…

  • CVE-2006-3390 (Jul 6, 2006)
    risk 0.00 | cvss | epss 0.03

    WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.

  • CVE-2006-2702 (May 31, 2006)
    risk 0.00 | cvss | epss 0.03

    vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].

  • CVE-2006-2667 (May 30, 2006)
    risk 0.00 | cvss | epss 0.15

    Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1)…

  • CVE-2006-1796 (Apr 17, 2006)
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in WordPress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI…

  • CVE-2006-1263 (Mar 19, 2006)
    risk 0.00 | cvss | epss 0.02

    Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

  • CVE-2006-1012 (Mar 6, 2006)
    risk 0.00 | cvss | epss 0.03

    SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.

  • CVE-2006-0986 (Mar 3, 2006)
    risk 0.00 | cvss | epss 0.03

    WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7)…

  • CVE-2006-0985 (Mar 3, 2006)
    risk 0.00 | cvss | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.

  • CVE-2005-4463 (Dec 21, 2005)
    risk 0.00 | cvss | epss 0.03

    WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6)…

  • CVE-2005-2612 (Aug 17, 2005)
    risk 0.00 | cvss | epss 0.39

    Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

  • CVE-2005-2107 (Jul 5, 2005)
    risk 0.00 | cvss | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.

  • CVE-2005-2110 (Jul 5, 2005)
    risk 0.00 | cvss | epss 0.03

    WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector…

  • CVE-2005-2109 (Jul 5, 2005)
    risk 0.00 | cvss | epss 0.03

    wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.

  • CVE-2005-1810 (Jun 1, 2005)
    risk 0.00 | cvss | epss 0.03

    SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.

  • CVE-2005-1687 (May 20, 2005)
    risk 0.00 | cvss | epss 0.02

    SQL injection vulnerability in wp-trackback.php in WordPress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.

  • CVE-2005-1102 (May 2, 2005)
    risk 0.00 | cvss | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.
