CVE-2009-1030
- EPSS 4.66%
- Veröffentlicht 20.03.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:21
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
CVE-2008-5695
- EPSS 12.01%
- Veröffentlicht 19.12.2008 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:00:49
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrar...
CVE-2008-5278
- EPSS 3.23%
- Veröffentlicht 28.11.2008 19:30:00
- Zuletzt bearbeitet 16.06.2026 22:59:37
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
- EPSS 1.33%
- Veröffentlicht 17.11.2008 23:30:00
- Zuletzt bearbeitet 16.06.2026 22:59:16
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by at...
- EPSS 8.99%
- Veröffentlicht 30.10.2008 20:56:54
- Zuletzt bearbeitet 16.06.2026 22:58:33
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitra...
CVE-2008-4769
- EPSS 8.97%
- Veröffentlicht 28.10.2008 10:30:01
- Zuletzt bearbeitet 16.06.2026 22:58:30
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. ...
CVE-2008-4671
- EPSS 3.81%
- Veröffentlicht 22.10.2008 10:30:01
- Zuletzt bearbeitet 16.06.2026 22:58:16
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
CVE-2008-4106
- EPSS 5.48%
- Veröffentlicht 18.09.2008 17:59:33
- Zuletzt bearbeitet 16.06.2026 22:57:11
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows rem...
CVE-2008-4107
- EPSS 3.01%
- Veröffentlicht 18.09.2008 17:59:33
- Zuletzt bearbeitet 16.06.2026 22:57:11
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by ...
CVE-2008-3747
- EPSS 2.55%
- Veröffentlicht 27.08.2008 15:21:00
- Zuletzt bearbeitet 16.06.2026 22:56:27
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access ...