Wordpress

Wordpress

378 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-2068

  • EPSS 0.63%
  • Veröffentlicht 02.05.2008 23:20:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2008-1930

  • EPSS 7.51%
  • Veröffentlicht 28.04.2008 20:05:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as...

4.3

CVE-2008-1304

  • EPSS 2.08%
  • Veröffentlicht 12.03.2008 17:44:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action...

6.4

CVE-2008-0664

  • EPSS 7.26%
  • Veröffentlicht 08.02.2008 02:00:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.

5

CVE-2008-0191

  • EPSS 0.98%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.

4.3

CVE-2008-0192

Exploit
  • EPSS 2.11%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

4.3

CVE-2008-0193

Exploit
  • EPSS 1.86%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp...

7.5

CVE-2008-0194

Exploit
  • EPSS 0.59%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.p...

5

CVE-2008-0195

Exploit
  • EPSS 2.39%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.

5

CVE-2008-0196

Exploit
  • EPSS 0.25%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/ad...