Wordpress

Wordpress

360 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-3233

Exploit
  • EPSS 0.47%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

9

CVE-2008-2392

  • EPSS 1.93%
  • Veröffentlicht 21.05.2008 13:24:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

7.5

CVE-2008-2146

Exploit
  • EPSS 0.58%
  • Veröffentlicht 12.05.2008 20:20:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

4.3

CVE-2008-2068

  • EPSS 0.67%
  • Veröffentlicht 02.05.2008 23:20:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2008-1930

  • EPSS 7.66%
  • Veröffentlicht 28.04.2008 20:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as...

4.3

CVE-2008-1304

  • EPSS 2.15%
  • Veröffentlicht 12.03.2008 17:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action...

6.4

CVE-2008-0664

  • EPSS 6.84%
  • Veröffentlicht 08.02.2008 02:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.

5

CVE-2008-0191

  • EPSS 0.92%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.

4.3

CVE-2008-0192

Exploit
  • EPSS 2.05%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

4.3

CVE-2008-0193

Exploit
  • EPSS 1.74%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp...