Wordpress

Wordpress

360 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2005-2107

Exploit
  • EPSS 0.91%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.

7.5

CVE-2005-2108

Exploit
  • EPSS 1.06%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.

5

CVE-2005-2109

  • EPSS 1.08%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.

5

CVE-2005-2110

  • EPSS 1.23%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an...

7.5

CVE-2005-1810

  • EPSS 1.64%
  • Veröffentlicht 01.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.

7.5

CVE-2005-1687

  • EPSS 0.84%
  • Veröffentlicht 20.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.

5

CVE-2005-1688

  • EPSS 0.62%
  • Veröffentlicht 20.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.

6.8

CVE-2005-1102

  • EPSS 1.44%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.

4.3

CVE-2004-1559

Exploit
  • EPSS 1.33%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-...

5

CVE-2004-1584

Exploit
  • EPSS 16%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.