Wordpress

Wordpress

362 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-0192

Exploit
  • EPSS 2.2%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

4.3

CVE-2008-0193

Exploit
  • EPSS 1.74%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp...

7.5

CVE-2008-0194

Exploit
  • EPSS 0.59%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.p...

5

CVE-2008-0195

Exploit
  • EPSS 2.25%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.

5

CVE-2008-0196

Exploit
  • EPSS 0.23%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/ad...

6.8

CVE-2007-6318

Exploit
  • EPSS 4.94%
  • Veröffentlicht 12.12.2007 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings ...

9.8

CVE-2007-6013

Exploit
  • EPSS 1.55%
  • Veröffentlicht 19.11.2007 21:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

2.6

CVE-2007-5710

  • EPSS 3.34%
  • Veröffentlicht 30.10.2007 19:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.

4.3

CVE-2007-5105

  • EPSS 1.68%
  • Veröffentlicht 26.09.2007 22:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.

4.3

CVE-2007-5106

Exploit
  • EPSS 0.36%
  • Veröffentlicht 26.09.2007 22:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.