CVE-2008-0194
- EPSS 0.59%
- Published 10.01.2008 00:46:00
- Last modified 09.04.2025 00:30:58
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.p...
- EPSS 2.25%
- Published 10.01.2008 00:46:00
- Last modified 09.04.2025 00:30:58
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
- EPSS 0.2%
- Published 10.01.2008 00:46:00
- Last modified 09.04.2025 00:30:58
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/ad...
CVE-2007-6318
- EPSS 4.94%
- Published 12.12.2007 00:46:00
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings ...
CVE-2007-6013
- EPSS 1.39%
- Published 19.11.2007 21:46:00
- Last modified 09.04.2025 00:30:58
WordPress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
CVE-2007-5710
- EPSS 3.13%
- Published 30.10.2007 19:46:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.
CVE-2007-5105
- EPSS 1.58%
- Published 26.09.2007 22:17:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
CVE-2007-5106
- EPSS 0.33%
- Published 26.09.2007 22:17:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.
CVE-2007-4893
- EPSS 1.45%
- Published 14.09.2007 18:17:00
- Last modified 09.04.2025 00:30:58
wp-admin/admin-functions.php in WordPress before 2.2.3 and WordPress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data t...
CVE-2007-4894
- EPSS 3.64%
- Published 14.09.2007 18:17:00
- Last modified 09.04.2025 00:30:58
Multiple SQL injection vulnerabilities in WordPress before 2.2.3 and WordPress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XM...