Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wordpress
(Wordpress)| Repositories |
• https://github.com/WordPress/WordPress
• https://github.com/johndyer/mediaelement • https://github.com/moxiecode/moxieplayer • https://github.com/moxiecode/plupload |
| #Vulnerabilities | 351 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-02-08 | CVE-2008-0664 | The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. | Wordpress | N/A | ||
| 2008-01-09 | CVE-2008-0196 | Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. | Wordpress | N/A | ||
| 2008-01-09 | CVE-2008-0195 | WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. | Wordpress | N/A | ||
| 2008-01-09 | CVE-2008-0194 | Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. | Wordpress | N/A | ||
| 2008-01-09 | CVE-2008-0193 | Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. | Wordpress | N/A | ||
| 2008-01-09 | CVE-2008-0192 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php. | Wordpress | N/A | ||
| 2008-01-09 | CVE-2008-0191 | WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. | Wordpress | N/A | ||
| 2007-12-11 | CVE-2007-6318 | SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. | Wordpress | N/A | ||
| 2007-10-30 | CVE-2007-5710 | Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter. | Wordpress | N/A | ||
| 2007-09-26 | CVE-2007-5106 | Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter. | Wordpress | N/A |