Wordpress

Wordpress

360 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-3233

Exploit
  • EPSS 0.47%
  • Published 18.07.2008 16:41:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

9

CVE-2008-2392

  • EPSS 1.93%
  • Published 21.05.2008 13:24:00
  • Last modified 09.04.2025 00:30:58

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

7.5

CVE-2008-2146

Exploit
  • EPSS 0.58%
  • Published 12.05.2008 20:20:00
  • Last modified 09.04.2025 00:30:58

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

4.3

CVE-2008-2068

  • EPSS 0.67%
  • Published 02.05.2008 23:20:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2008-1930

  • EPSS 7.66%
  • Published 28.04.2008 20:05:00
  • Last modified 09.04.2025 00:30:58

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as...

4.3

CVE-2008-1304

  • EPSS 2.15%
  • Published 12.03.2008 17:44:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action...

6.4

CVE-2008-0664

  • EPSS 6.84%
  • Published 08.02.2008 02:00:00
  • Last modified 09.04.2025 00:30:58

The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.

5

CVE-2008-0191

  • EPSS 0.92%
  • Published 10.01.2008 00:46:00
  • Last modified 09.04.2025 00:30:58

WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.

4.3

CVE-2008-0192

Exploit
  • EPSS 2.05%
  • Published 10.01.2008 00:46:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

4.3

CVE-2008-0193

Exploit
  • EPSS 1.74%
  • Published 10.01.2008 00:46:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp...